Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Code injection in NousResearch hermes-agent 2026.4.23 allows remote unauthenticated attackers to inject and execute arbitrary code through the _scan_context_content function in agent/prompt_builder.py. The vulnerability has publicly available exploit code and affects all versions up to 2026.4.23, with the vendor failing to respond to disclosure attempts.
Technical ContextAI
The vulnerability exists in the _scan_context_content function within the prompt_builder.py module of hermes-agent, a NousResearch product. The issue is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component), indicating that user-controlled input is not properly sanitized before being used in a way that allows injection attacks. The CPE string indicates all versions of hermes-agent are affected.
RemediationAI
No vendor-released patch identified at time of analysis due to vendor non-response. Organizations should immediately review usage of the _scan_context_content function and implement input validation for any data passed to this function. Consider temporarily disabling or restricting access to functionality that uses prompt_builder.py until a patch is available. Monitor the VulDB references at https://vuldb.com/vuln/365329 for updates. As a compensating control, implement web application firewall rules to filter potentially malicious input patterns targeting this injection vulnerability, though this may impact legitimate functionality.
More in Hermes Agent
View allRemote command injection in NousResearch hermes-agent allows unauthenticated attackers to execute arbitrary OS commands
Path traversal in NousResearch hermes-agent (all versions through 2026.5.16) exposes arbitrary server-side files via the
Path traversal in NousResearch hermes-agent through version 2026.4.16 allows remote unauthenticated attackers to bypass
Remote sandbox escape in NousResearch hermes-agent versions up to 2026.4.16 allows unauthenticated attackers to manipula
Remote code/prompt injection in NousResearch Hermes Agent through 0.12.0 stems from improper neutralization in the _comp
Remote injection in NousResearch Hermes Agent through version 2026.4.30 allows unauthenticated attackers to manipulate t
Remote injection vulnerability in NousResearch hermes-agent versions up to 2026.4.23 enables unauthenticated attackers t
Uncontrolled resource consumption in NousResearch hermes-agent (all versions through 2026.4.30) allows remote unauthenti
Missing authorization in NousResearch hermes-agent versions up to 2026.4.16 allows remote attackers to bypass authentica
Information disclosure in NousResearch hermes-agent allows remote unauthenticated attackers to extract sensitive data vi
A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality
DNS rebinding in NousResearch Hermes Agent prior to 0.16.0 allows remote attackers to reach privileged local WebSocket e
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31580
GHSA-pgp4-xr4j-h5cg