Skip to main content

hermes-agent CVE-2026-9350

| EUVDEUVD-2026-31560 MEDIUM
Missing Authorization (CWE-862)
2026-05-24 VulDB GHSA-4j8w-8wvv-4969
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
May 26, 2026 - 19:52 NVD
HIGH MEDIUM
CVSS changed
May 26, 2026 - 19:52 NVD
7.3 (HIGH) 5.5 (MEDIUM)
Analysis Generated
May 24, 2026 - 03:45 vuln.today

DescriptionCVE.org

A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Missing authorization in NousResearch hermes-agent versions up to 2026.4.16 allows remote attackers to bypass authentication checks in the Batch Runner component, potentially executing unauthorized commands. The vulnerability affects the check_all_command_guards function in tools/approval.py and can be exploited without authentication. Publicly available exploit code exists, though the vulnerability is not yet confirmed in CISA KEV.

Technical ContextAI

The vulnerability resides in the hermes-agent software developed by NousResearch, specifically in the Batch Runner component's authorization mechanism. The affected function check_all_command_guards in tools/approval.py fails to properly enforce access controls, falling under CWE-862 (Missing Authorization). This suggests the application processes batch commands without verifying whether the requesting user has appropriate permissions, allowing unauthorized actors to execute privileged operations.

RemediationAI

No vendor-released patch identified at time of analysis. The vendor was contacted but did not respond, making official remediation guidance unavailable. As compensating controls, organizations should immediately restrict network access to hermes-agent instances behind firewalls or VPNs, implement additional authentication layers at the network perimeter, and monitor logs for unauthorized batch command executions. Consider disabling the Batch Runner component if not essential for operations. For detailed vulnerability information, refer to the VulDB entry at https://vuldb.com/vuln/365313.

CVE-2026-9367 MEDIUM POC
5.5 May 24

Remote command injection in NousResearch hermes-agent allows unauthenticated attackers to execute arbitrary OS commands

CVE-2026-14628 MEDIUM POC
5.5 Jul 04

Path traversal in NousResearch hermes-agent (all versions through 2026.5.16) exposes arbitrary server-side files via the

CVE-2026-9351 MEDIUM POC
5.5 May 24

Path traversal in NousResearch hermes-agent through version 2026.4.16 allows remote unauthenticated attackers to bypass

CVE-2026-9368 MEDIUM POC
5.5 May 24

Remote sandbox escape in NousResearch hermes-agent versions up to 2026.4.16 allows unauthenticated attackers to manipula

CVE-2026-10221 MEDIUM POC
5.5 Jun 01

Remote code/prompt injection in NousResearch Hermes Agent through 0.12.0 stems from improper neutralization in the _comp

CVE-2026-10220 MEDIUM POC
5.5 Jun 01

Remote injection in NousResearch Hermes Agent through version 2026.4.30 allows unauthenticated attackers to manipulate t

CVE-2026-9366 MEDIUM POC
5.5 May 24

Code injection in NousResearch hermes-agent 2026.4.23 allows remote unauthenticated attackers to inject and execute arbi

CVE-2026-9353 MEDIUM POC
5.5 May 24

Remote injection vulnerability in NousResearch hermes-agent versions up to 2026.4.23 enables unauthenticated attackers t

CVE-2026-10224 MEDIUM POC
5.5 Jun 01

Uncontrolled resource consumption in NousResearch hermes-agent (all versions through 2026.4.30) allows remote unauthenti

CVE-2026-9352 MEDIUM POC
5.5 May 24

Information disclosure in NousResearch hermes-agent allows remote unauthenticated attackers to extract sensitive data vi

CVE-2026-7396 MEDIUM POC
5.5 Apr 29

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality

CVE-2026-53869 HIGH
8.7 Jun 17

DNS rebinding in NousResearch Hermes Agent prior to 0.16.0 allows remote attackers to reach privileged local WebSocket e

Share

CVE-2026-9350 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy