Skip to main content

hermes-agent EUVDEUVD-2026-31564

| CVE-2026-9352 MEDIUM
Information Exposure (CWE-200)
2026-05-24 VulDB GHSA-8r48-r96c-p95w
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
CVSS changed
May 26, 2026 - 19:52 NVD
5.3 (MEDIUM) 5.5 (MEDIUM)
Analysis Generated
May 24, 2026 - 05:16 vuln.today

DescriptionCVE.org

A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function _make_run_env of the file tools/environments/local.py of the component Messaging Gateway Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Information disclosure in NousResearch hermes-agent allows remote unauthenticated attackers to extract sensitive data via crafted requests to the Messaging Gateway Handler's environment configuration function. The vulnerability affects versions up to 2026.4.23 with publicly available exploit code demonstrating the attack. EPSS data not provided, but public POC availability increases immediate risk. Vendor has not responded to disclosure, suggesting no official patch timeline.

Technical ContextAI

The vulnerability resides in the _make_run_env function within tools/environments/local.py, which handles environment configuration for the Messaging Gateway Handler component of hermes-agent. The affected product (CPE: cpe:2.3:a:nousresearch:hermes-agent) is an AI agent framework from NousResearch. The root cause is CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), indicating the function improperly exposes environment variables, configuration details, or internal system information that should remain protected. The Messaging Gateway Handler likely processes incoming agent communication requests, and the _make_run_env function appears responsible for setting up execution contexts with access to potentially sensitive runtime configuration.

RemediationAI

No official vendor patch is available as NousResearch has not responded to vulnerability disclosure. Organizations running hermes-agent <=2026.4.23 should implement the following compensating controls in order of priority: (1) Restrict network access to the Messaging Gateway Handler using firewall rules or network segmentation to trusted IP ranges only, reducing AV:N to AV:A; trade-off is reduced agent accessibility for legitimate remote clients. (2) Implement authentication proxy or API gateway in front of hermes-agent endpoints to enforce PR:L/PR:H requirements, though this may break existing integrations expecting unauthenticated access. (3) Review tools/environments/local.py code (specifically _make_run_env function) to identify exposed environment variables and sanitize or remove sensitive data from runtime environment; this requires code modification skills and introduces maintenance burden for future updates. (4) Monitor logs for unusual queries to environment configuration endpoints using patterns from the public exploit (https://gist.github.com/YLChen-007/760b3940f708990e535214529c0c7a27). Consider migrating to alternative AI agent frameworks with active security maintenance if NousResearch remains unresponsive.

CVE-2026-9367 MEDIUM POC
5.5 May 24

Remote command injection in NousResearch hermes-agent allows unauthenticated attackers to execute arbitrary OS commands

CVE-2026-14628 MEDIUM POC
5.5 Jul 04

Path traversal in NousResearch hermes-agent (all versions through 2026.5.16) exposes arbitrary server-side files via the

CVE-2026-9351 MEDIUM POC
5.5 May 24

Path traversal in NousResearch hermes-agent through version 2026.4.16 allows remote unauthenticated attackers to bypass

CVE-2026-9368 MEDIUM POC
5.5 May 24

Remote sandbox escape in NousResearch hermes-agent versions up to 2026.4.16 allows unauthenticated attackers to manipula

CVE-2026-10221 MEDIUM POC
5.5 Jun 01

Remote code/prompt injection in NousResearch Hermes Agent through 0.12.0 stems from improper neutralization in the _comp

CVE-2026-10220 MEDIUM POC
5.5 Jun 01

Remote injection in NousResearch Hermes Agent through version 2026.4.30 allows unauthenticated attackers to manipulate t

CVE-2026-9366 MEDIUM POC
5.5 May 24

Code injection in NousResearch hermes-agent 2026.4.23 allows remote unauthenticated attackers to inject and execute arbi

CVE-2026-9353 MEDIUM POC
5.5 May 24

Remote injection vulnerability in NousResearch hermes-agent versions up to 2026.4.23 enables unauthenticated attackers t

CVE-2026-10224 MEDIUM POC
5.5 Jun 01

Uncontrolled resource consumption in NousResearch hermes-agent (all versions through 2026.4.30) allows remote unauthenti

CVE-2026-9350 MEDIUM POC
5.5 May 24

Missing authorization in NousResearch hermes-agent versions up to 2026.4.16 allows remote attackers to bypass authentica

CVE-2026-7396 MEDIUM POC
5.5 Apr 29

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality

CVE-2026-53869 HIGH
8.7 Jun 17

DNS rebinding in NousResearch Hermes Agent prior to 0.16.0 allows remote attackers to reach privileged local WebSocket e

Share

EUVD-2026-31564 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy