Skip to main content

NousResearch hermes-agent CVE-2026-7112

| EUVDEUVD-2026-25812 LOW
Improper Authentication (CWE-287)
2026-04-27 VulDB
2.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.9 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

9
Severity Changed
Apr 29, 2026 - 01:12 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:12 NVD
6.3 (MEDIUM) 2.9 (LOW)
PoC Detected
Apr 29, 2026 - 01:00 vuln.today
Public exploit code
Analysis Generated
Apr 27, 2026 - 10:30 vuln.today
CVSS changed
Apr 27, 2026 - 10:22 NVD
5.6 (MEDIUM) 6.3 (MEDIUM)
EUVD ID Assigned
Apr 27, 2026 - 10:00 euvd
EUVD-2026-25812
Analysis Generated
Apr 27, 2026 - 10:00 vuln.today
Patch released
Apr 27, 2026 - 10:00 nvd
Patch available
CVE Published
Apr 27, 2026 - 09:45 nvd
LOW 2.9

DescriptionCVE.org

A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth of the file gateway/platforms/api_server.py of the component API_SERVER_KEY Handler. The manipulation leads to improper authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.

AnalysisAI

Improper authentication in the API_SERVER_KEY handler of NousResearch hermes-agent 0.8.0 allows remote attackers to bypass authentication checks in the _check_auth function via the API server component. The vulnerability has a CVSS score of 6.3 with high attack complexity, and publicly available exploit code exists. The project has not yet responded to early notification via pull request.

Technical ContextAI

The vulnerability exists in the gateway/platforms/api_server.py component of hermes-agent, specifically within the _check_auth function responsible for validating API_SERVER_KEY authentication tokens. CWE-287 (Improper Authentication) indicates the root cause is a flaw in the authentication mechanism itself-likely an insufficient or bypassable validation routine. The API_SERVER_KEY handler is a critical security component that should enforce strict authentication for remote API access, but the implementation permits attackers to circumvent these checks through manipulation of the authentication logic or request parameters.

RemediationAI

The primary remediation is to apply the available patch via GitHub pull request #6477 (https://github.com/NousResearch/hermes-agent/pull/6477), which addresses the _check_auth function's authentication bypass. Users should upgrade to the patched version once released. Until patch deployment, restrict network access to the API server component using firewall rules or network segmentation, limiting connectivity to trusted internal networks only. Implement additional authentication layers (e.g., API gateway authentication, mutual TLS) upstream of hermes-agent to compensate for the local authentication bypass. Monitor API_SERVER_KEY authentication logs for failed authentication attempts or suspicious patterns. Disable the API server component entirely if not required for operation, eliminating the attack surface.

CVE-2026-9367 MEDIUM POC
5.5 May 24

Remote command injection in NousResearch hermes-agent allows unauthenticated attackers to execute arbitrary OS commands

CVE-2026-14628 MEDIUM POC
5.5 Jul 04

Path traversal in NousResearch hermes-agent (all versions through 2026.5.16) exposes arbitrary server-side files via the

CVE-2026-9351 MEDIUM POC
5.5 May 24

Path traversal in NousResearch hermes-agent through version 2026.4.16 allows remote unauthenticated attackers to bypass

CVE-2026-9368 MEDIUM POC
5.5 May 24

Remote sandbox escape in NousResearch hermes-agent versions up to 2026.4.16 allows unauthenticated attackers to manipula

CVE-2026-10221 MEDIUM POC
5.5 Jun 01

Remote code/prompt injection in NousResearch Hermes Agent through 0.12.0 stems from improper neutralization in the _comp

CVE-2026-10220 MEDIUM POC
5.5 Jun 01

Remote injection in NousResearch Hermes Agent through version 2026.4.30 allows unauthenticated attackers to manipulate t

CVE-2026-9366 MEDIUM POC
5.5 May 24

Code injection in NousResearch hermes-agent 2026.4.23 allows remote unauthenticated attackers to inject and execute arbi

CVE-2026-9353 MEDIUM POC
5.5 May 24

Remote injection vulnerability in NousResearch hermes-agent versions up to 2026.4.23 enables unauthenticated attackers t

CVE-2026-10224 MEDIUM POC
5.5 Jun 01

Uncontrolled resource consumption in NousResearch hermes-agent (all versions through 2026.4.30) allows remote unauthenti

CVE-2026-9350 MEDIUM POC
5.5 May 24

Missing authorization in NousResearch hermes-agent versions up to 2026.4.16 allows remote attackers to bypass authentica

CVE-2026-9352 MEDIUM POC
5.5 May 24

Information disclosure in NousResearch hermes-agent allows remote unauthenticated attackers to extract sensitive data vi

CVE-2026-7396 MEDIUM POC
5.5 Apr 29

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality

Share

CVE-2026-7112 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy