Skip to main content

Hermes WebUI EUVDEUVD-2026-30109

| CVE-2026-22677 MEDIUM
Path Traversal (CWE-22)
2026-05-13 VulnCheck GHSA-wvw9-5wfm-7729
6.0
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulnCheck) · only source for this CVE.

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
Jun 08, 2026 - 10:42 vuln.today
Analysis Generated
Jun 08, 2026 - 10:42 vuln.today
CVSS changed
May 13, 2026 - 19:22 NVD
6.5 (MEDIUM) 6.0 (MEDIUM)

DescriptionCVE.org

Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in the workspace field and subsequently use relative paths in the session file API to access any file readable by the WebUI process.

AnalysisAI

Path traversal in Hermes WebUI's session import endpoint allows authenticated low-privileged attackers to read arbitrary files accessible to the WebUI process. By importing a crafted session JSON with an unrestricted workspace value such as '/', an attacker bypasses the workspace boundary controls that govern every other workspace-bearing endpoint, then leverages the file API to exfiltrate any file readable by the WebUI process user. No active exploitation is confirmed (absent from CISA KEV), EPSS sits at 0.04% in the 12th percentile, and SSVC rates exploitation as none - but the CVSS 4.0 confidentiality impact is rated High, making this a meaningful risk for network-exposed deployments with authenticated user populations.

Technical ContextAI

The vulnerable component is Hermes WebUI by nesquena (CPE: cpe:2.3:a:nesquena:hermes-webui:*:*:*:*:*:*:*:*), a web-based AI assistant interface. The root cause is CWE-22 (Path Traversal): the POST /api/session/import endpoint read the 'workspace' field directly from attacker-supplied JSON without passing it through resolve_trusted_workspace() - the sanitization function already applied to all other workspace-bearing API endpoints. This omission allowed an arbitrary filesystem path (e.g., '/') to be persisted on the Session object. Once stored, the /api/file endpoint, which constructs file paths by joining the session's workspace with caller-supplied relative paths, would resolve traversal sequences against the attacker-controlled root rather than a restricted workspace directory. The CVSS 4.0 AT:P (Attack Requirements Present) component confirms that specific deployment conditions - particularly instances bound to 0.0.0.0 or LAN-exposed with password authentication - elevate exposure, consistent with the vendor's own severity characterization in the release notes.

RemediationAI

Upgrade Hermes WebUI to version 0.51.44 (Release T) or later, which applies workspace validation via resolve_trusted_workspace() to the session import endpoint, closing the path traversal gap - the fix is in commit f00cb74f776f22f02f5eb6b39dfb389f87cc7fd3 and the release is available at https://github.com/nesquena/hermes-webui/releases/tag/v0.51.44. If immediate upgrade is not feasible, block or restrict the POST /api/session/import endpoint at the reverse proxy or WAF layer to prevent crafted imports - note this disables legitimate session import functionality as a trade-off. Additionally, avoid binding the WebUI to 0.0.0.0 on untrusted networks; restrict binding to localhost (127.0.0.1) or a trusted interface to reduce the PR:L attack surface to local accounts only. Audit existing sessions in the database for unexpected workspace values set to filesystem roots such as '/' or '/etc' as an indicator of prior exploitation.

CVE-2026-58123 CRITICAL
9.3 Jul 09

Unauthenticated remote code execution in Hermes WebUI before version 0.51.788 lets remote attackers run arbitrary shell

CVE-2026-58122 CRITICAL
9.3 Jul 09

Authentication bypass in Hermes WebUI before 0.51.307 lets unauthenticated remote attackers reach onboarding endpoints t

CVE-2026-55196 CRITICAL
9.1 Jun 17

Authentication bypass in Hermes WebUI before 0.51.409 allows unauthenticated remote attackers to register the first pass

CVE-2026-49973 CRITICAL
9.2 Jun 11

Unauthenticated initial-setup hijack in Hermes WebUI before 0.51.358 allows any remote attacker who can reach the settin

CVE-2026-53871 HIGH
8.6 Jun 17

Cross-profile authorization bypass in Hermes WebUI before 0.51.368 allows authenticated users to access sessions, files,

CVE-2026-6832 HIGH
7.2 Apr 21

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authentic

CVE-2026-11322 HIGH
7.1 Jun 04

Information disclosure in Hermes WebUI before v0.51.221 allows authenticated remote attackers to read arbitrary files ou

CVE-2026-49956 HIGH
7.1 Jun 09

Cross-profile data disclosure in Hermes WebUI before 0.51.269 allows authenticated users to read session titles and tran

CVE-2026-55198 HIGH
7.1 Jun 17

Cross-profile session data exfiltration in Hermes WebUI before 0.51.443 lets any authenticated user retrieve session tra

CVE-2026-55197 HIGH
7.1 Jun 17

Cross-profile session disclosure in Hermes WebUI before 0.51.443 lets any authenticated user retrieve conversation trans

CVE-2026-49955 MEDIUM
6.9 Jun 09

Resource exhaustion in Hermes WebUI before v0.51.270 allows unauthenticated remote attackers to degrade service availabi

CVE-2026-55205 MEDIUM
6.9 Jun 18

Resource exhaustion in Hermes WebUI before 0.51.468 exposes an unauthenticated POST /api/onboarding/oauth/start endpoint

Share

EUVD-2026-30109 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy