Skip to main content

hermes-agent CVE-2026-9369

| EUVDEUVD-2026-31581 LOW
Incorrect Comparison (CWE-697)
2026-05-24 VulDB GHSA-cv5c-mh6j-wvp9
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
May 26, 2026 - 19:52 NVD
MEDIUM LOW
CVSS changed
May 26, 2026 - 19:52 NVD
5.3 (MEDIUM) 1.9 (LOW)
Analysis Generated
May 24, 2026 - 09:31 vuln.today

DescriptionCVE.org

A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMES_ENABLE_PROJECT_PLUGINS results in incorrect comparison. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Local privilege escalation in NousResearch hermes-agent 2026.4.23 allows authenticated local users to manipulate plugin discovery logic via HERMES_ENABLE_PROJECT_PLUGINS environment variable, resulting in unauthorized information disclosure and potential integrity compromise of the CLI web-dashboard interface. Publicly available exploit code exists (EPSS data not provided, not listed in CISA KEV). The vendor did not respond to responsible disclosure attempts, leaving remediation status uncertain.

Technical ContextAI

The vulnerability exists in the _discover_dashboard_plugins function within hermes_cli/web_server.py, part of the CLI web-dashboard interface of NousResearch hermes-agent. The flaw is classified as CWE-697 (Incorrect Comparison), indicating a logic error in how the code evaluates the HERMES_ENABLE_PROJECT_PLUGINS configuration parameter during plugin discovery. This incorrect comparison allows manipulation of the plugin loading mechanism, potentially enabling unauthorized plugins or bypassing security controls intended to restrict plugin execution. The CPE identifier (cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*) indicates this affects the hermes-agent product from NousResearch, specifically version 2026.4.23 as noted in the description.

RemediationAI

No vendor-released patch identified at time of analysis due to vendor non-responsiveness to responsible disclosure. Organizations using hermes-agent 2026.4.23 should implement compensating controls: (1) Restrict local system access to the hermes-agent CLI web-dashboard to only trusted administrators - remove access for standard users, noting this may limit legitimate operational workflows. (2) Monitor and log all modifications to HERMES_ENABLE_PROJECT_PLUGINS environment variable through system auditing (auditd on Linux, Sysmon on Windows), though this provides detection rather than prevention. (3) Run hermes-agent processes under least-privilege service accounts that cannot modify system-wide plugin directories, which may constrain plugin functionality but limits blast radius. (4) Consider migrating to alternative AI agent frameworks with active vendor support if hermes-agent is not mission-critical, as vendor abandonment suggests future vulnerabilities will also remain unpatched. Evaluate forking the open-source project if continued use is necessary. Exploit code is available at https://gist.github.com/YLChen-007/062b77ceac6aa9844842a616f5d2ef30 and should be tested in isolated environments to validate control effectiveness.

CVE-2026-9367 MEDIUM POC
5.5 May 24

Remote command injection in NousResearch hermes-agent allows unauthenticated attackers to execute arbitrary OS commands

CVE-2026-14628 MEDIUM POC
5.5 Jul 04

Path traversal in NousResearch hermes-agent (all versions through 2026.5.16) exposes arbitrary server-side files via the

CVE-2026-9351 MEDIUM POC
5.5 May 24

Path traversal in NousResearch hermes-agent through version 2026.4.16 allows remote unauthenticated attackers to bypass

CVE-2026-9368 MEDIUM POC
5.5 May 24

Remote sandbox escape in NousResearch hermes-agent versions up to 2026.4.16 allows unauthenticated attackers to manipula

CVE-2026-10221 MEDIUM POC
5.5 Jun 01

Remote code/prompt injection in NousResearch Hermes Agent through 0.12.0 stems from improper neutralization in the _comp

CVE-2026-10220 MEDIUM POC
5.5 Jun 01

Remote injection in NousResearch Hermes Agent through version 2026.4.30 allows unauthenticated attackers to manipulate t

CVE-2026-9366 MEDIUM POC
5.5 May 24

Code injection in NousResearch hermes-agent 2026.4.23 allows remote unauthenticated attackers to inject and execute arbi

CVE-2026-9353 MEDIUM POC
5.5 May 24

Remote injection vulnerability in NousResearch hermes-agent versions up to 2026.4.23 enables unauthenticated attackers t

CVE-2026-10224 MEDIUM POC
5.5 Jun 01

Uncontrolled resource consumption in NousResearch hermes-agent (all versions through 2026.4.30) allows remote unauthenti

CVE-2026-9350 MEDIUM POC
5.5 May 24

Missing authorization in NousResearch hermes-agent versions up to 2026.4.16 allows remote attackers to bypass authentica

CVE-2026-9352 MEDIUM POC
5.5 May 24

Information disclosure in NousResearch hermes-agent allows remote unauthenticated attackers to extract sensitive data vi

CVE-2026-7396 MEDIUM POC
5.5 Apr 29

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality

Share

CVE-2026-9369 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy