Skip to main content

Hermes Webui CVE-2026-6830

| EUVDEUVD-2026-24515 MEDIUM
Exposure of Resource to Wrong Sphere (CWE-668)
2026-04-21 VulnCheck GHSA-vvfr-g83f-8qcv
4.8
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Severity Changed
Apr 21, 2026 - 22:22 NVD
LOW MEDIUM
CVSS changed
Apr 21, 2026 - 22:22 NVD
3.3 (LOW) 4.8 (MEDIUM)
EUVD ID Assigned
Apr 21, 2026 - 22:16 euvd
EUVD-2026-24515
Patch released
Apr 21, 2026 - 22:16 nvd
Patch available
CVE Published
Apr 21, 2026 - 21:33 nvd
MEDIUM 4.8

DescriptionCVE.org

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys and other sensitive secrets from one profile context in another profile, breaking expected security isolation between profiles.

Analysis

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys and other sensitive secrets from one profile context in another profile, breaking expected security isolation between profiles.

CVE-2026-58123 CRITICAL
9.3 Jul 09

Unauthenticated remote code execution in Hermes WebUI before version 0.51.788 lets remote attackers run arbitrary shell

CVE-2026-58122 CRITICAL
9.3 Jul 09

Authentication bypass in Hermes WebUI before 0.51.307 lets unauthenticated remote attackers reach onboarding endpoints t

CVE-2026-55196 CRITICAL
9.1 Jun 17

Authentication bypass in Hermes WebUI before 0.51.409 allows unauthenticated remote attackers to register the first pass

CVE-2026-49973 CRITICAL
9.2 Jun 11

Unauthenticated initial-setup hijack in Hermes WebUI before 0.51.358 allows any remote attacker who can reach the settin

CVE-2026-53871 HIGH
8.6 Jun 17

Cross-profile authorization bypass in Hermes WebUI before 0.51.368 allows authenticated users to access sessions, files,

CVE-2026-6832 HIGH
7.2 Apr 21

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authentic

CVE-2026-11322 HIGH
7.1 Jun 04

Information disclosure in Hermes WebUI before v0.51.221 allows authenticated remote attackers to read arbitrary files ou

CVE-2026-49956 HIGH
7.1 Jun 09

Cross-profile data disclosure in Hermes WebUI before 0.51.269 allows authenticated users to read session titles and tran

CVE-2026-55198 HIGH
7.1 Jun 17

Cross-profile session data exfiltration in Hermes WebUI before 0.51.443 lets any authenticated user retrieve session tra

CVE-2026-55197 HIGH
7.1 Jun 17

Cross-profile session disclosure in Hermes WebUI before 0.51.443 lets any authenticated user retrieve conversation trans

CVE-2026-49955 MEDIUM
6.9 Jun 09

Resource exhaustion in Hermes WebUI before v0.51.270 allows unauthenticated remote attackers to degrade service availabi

CVE-2026-55205 MEDIUM
6.9 Jun 18

Resource exhaustion in Hermes WebUI before 0.51.468 exposes an unauthenticated POST /api/onboarding/oauth/start endpoint

Share

CVE-2026-6830 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy