
hermes-agent EUVD-2026-33856

CVE-2026-10548 · Severity: LOW (1.9, CVSS 4.0, rated by NVD)
Weakness: Improper Authentication (CWE-287)
Published: 2026-06-02 · Source: VulDB · GitHub advisory: GHSA-g28j-ffjc-vcrh

Severity by source

NVD (primary; only source for this CVE): 1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS vector (NVD)

Breakdown of the NVD CVSS 4.0 vector above:

Base metrics
Attack Vector (AV): Local
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): Low
User Interaction (UI): None
Vulnerable system confidentiality / integrity / availability (VC/VI/VA): Low / Low / Low
Subsequent system confidentiality / integrity / availability (SC/SI/SA): None / None / None

Threat metric
Exploit Maturity (E): Proof-of-Concept

All environmental and supplemental metrics are Not Defined (X). CVSS 4.0 has no Scope metric; the S:X entry near the end of the vector is the Safety supplemental metric, left undefined here.
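The vector above can be read mechanically, and doing so makes the metric groups explicit. The parser below is an added example for this page, not code from vuln.today, NVD or the hermes-agent project; metric names and groups follow the CVSS v4.0 specification from FIRST, and the sample vector is the one NVD published for this CVE. It also shows why a "Scope" row or an "RL:X" temporal metric has no place in a v4.0 vector: S is the Safety supplemental metric, and Remediation Level does not exist in v4.0, so a vector carrying RL:X is rejected.

```python
"""Parse a CVSS v4.0 vector string into its metric groups.

Added example for this page; not code from vuln.today, NVD or hermes-agent.
Metric names and groups follow the CVSS v4.0 specification (FIRST). The
sample vector is the one NVD published for CVE-2026-10548.
"""
import re

# CVSS v4.0 metric groups, in specification order.
BASE = ("AV", "AC", "AT", "PR", "UI", "VC", "VI", "VA", "SC", "SI", "SA")
THREAT = ("E",)                       # v4.0 has no RL or RC temporal metrics
ENVIRONMENTAL = ("CR", "IR", "AR", "MAV", "MAC", "MAT", "MPR", "MUI",
                 "MVC", "MVI", "MVA", "MSC", "MSI", "MSA")
SUPPLEMENTAL = ("S", "AU", "R", "V", "RE", "U")   # S is Safety, not Scope
KNOWN = BASE + THREAT + ENVIRONMENTAL + SUPPLEMENTAL

LABELS = {
    "AV": "Attack Vector", "AC": "Attack Complexity", "AT": "Attack Requirements",
    "PR": "Privileges Required", "UI": "User Interaction",
    "VC": "Vulnerable System Confidentiality", "VI": "Vulnerable System Integrity",
    "VA": "Vulnerable System Availability", "SC": "Subsequent System Confidentiality",
    "SI": "Subsequent System Integrity", "SA": "Subsequent System Availability",
    "E": "Exploit Maturity",
}
IMPACT = {"H": "High", "L": "Low", "N": "None"}
VALUES = {
    "AV": {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"},
    "AC": {"L": "Low", "H": "High"},
    "AT": {"N": "None", "P": "Present"},
    "PR": {"N": "None", "L": "Low", "H": "High"},
    "UI": {"N": "None", "P": "Passive", "A": "Active"},
    "E": {"X": "Not Defined", "A": "Attacked", "P": "Proof-of-Concept", "U": "Unreported"},
    **{m: IMPACT for m in ("VC", "VI", "VA", "SC", "SI", "SA")},
}

NVD_VECTOR = (
    "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
    "/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X"
    "/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
)


def parse_cvss4(vector: str) -> dict:
    """Split a v4.0 vector into base/threat/environmental/supplemental dicts.

    Base metrics are mandatory; every other metric defaults to X (Not Defined).
    Raises ValueError for a non-4.0 prefix, a malformed or unknown metric
    (e.g. the v3.x temporal metric RL), a duplicate, a bad value, or a
    missing base metric.
    """
    parts = vector.strip().split("/")
    if parts[0] != "CVSS:4.0":
        raise ValueError(f"not a CVSS v4.0 vector: {parts[0]!r}")
    seen = {}
    for part in parts[1:]:
        m = re.fullmatch(r"([A-Z]+):([A-Z])", part)
        if not m:
            raise ValueError(f"malformed metric {part!r}")
        name, value = m.groups()
        if name not in KNOWN:
            raise ValueError(f"{name} is not a CVSS v4.0 metric")
        if name in seen:
            raise ValueError(f"duplicate metric {name}")
        if name in VALUES and value not in VALUES[name]:
            raise ValueError(f"invalid value {value} for {name}")
        seen[name] = value
    missing = [n for n in BASE if n not in seen]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")

    def group(names):
        return {n: seen.get(n, "X") for n in names}

    return {"base": group(BASE), "threat": group(THREAT),
            "environmental": group(ENVIRONMENTAL), "supplemental": group(SUPPLEMENTAL)}


def is_valid_cvss4(vector: str) -> bool:
    try:
        parse_cvss4(vector)
        return True
    except ValueError:
        return False


def non_default_metrics(vector: str) -> dict:
    """Threat, environmental and supplemental metrics that are actually set."""
    groups = parse_cvss4(vector)
    return {n: v for g in ("threat", "environmental", "supplemental")
            for n, v in groups[g].items() if v != "X"}


def describe(vector: str) -> dict:
    """Readable {'Attack Vector': 'Local', ...} view of the base and threat metrics."""
    groups = parse_cvss4(vector)
    metrics = {**groups["base"], **groups["threat"]}
    return {LABELS[n]: VALUES[n][v] for n, v in metrics.items()}


if __name__ == "__main__":
    for label, value in describe(NVD_VECTOR).items():
        print(f"{label}: {value}")
    print("set beyond base:", non_default_metrics(NVD_VECTOR))   # {'E': 'P'}
```

Run against the NVD vector, `non_default_metrics` returns only `{'E': 'P'}`: the proof-of-concept exploit maturity is the one thing NVD recorded beyond the base metrics, and nothing in the vector speaks to remediation.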

Lifecycle Timeline (3 events)

Jun 02, 2026 02:22, NVD: severity changed, MEDIUM → LOW
Jun 02, 2026 02:22, NVD: CVSS base score changed, 5.3 (MEDIUM) → 1.9 (LOW)
Jun 02, 2026 01:43, vuln.today: analysis generated

Description (CVE.org)

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI-generated)

Improper authentication in NousResearch hermes-agent through version 2026.4.23 allows a local, low-privileged attacker to manipulate the Credential Pool Synchronization component, specifically the _sync_anthropic_entry_from_credentials_file function in agent/credential_pool.py, and so bypass the authentication controls that govern Anthropic API credentials. A proof-of-concept exploit is publicly available on GitHub, and the vendor did not respond to coordinated disclosure, so no patch was available at the time of analysis. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: obtain low-privileged local shell access
Delivery: locate the hermes-agent credential_pool.py module
Exploit: execute the public PoC against the credential sync function
Execution: bypass authentication on _sync_anthropic_entry_from_credentials_file
Persist: extract or substitute Anthropic API credentials from the pool
Impact: abuse the harvested credentials externally

Vulnerability Assessment (AI-generated)

Exploitation: Exploitation requires an existing local operating system account with low privileges on the host running NousResearch hermes-agent (CVSS AV:L/PR:L); remote, network-based exploitation is not possible based on the available data. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment: This assessment was generated at 01:43 on Jun 02, 2026 against the CVSS 3.1 base score of 5.3 (Medium) then on record; at 02:22 NVD replaced it with the CVSS 4.0 base score of 1.9 (Low) shown at the top of this page. Under either scoring the attack surface is constrained: local attack vector (AV:L), low complexity (AC:L), low privileges required (PR:L), and low confidentiality, integrity and availability impact confined to the vulnerable system (unchanged scope in CVSS 3.1 terms; no subsequent-system impact in CVSS 4.0 terms). …
Exploit Scenario: An attacker with a low-privileged shell account on a shared server running hermes-agent downloads the publicly available proof-of-concept from the GitHub gist and executes it locally, invoking or manipulating `_sync_anthropic_entry_from_credentials_file` to bypass authentication controls and extract or substitute Anthropic API credentials from the credential pool. The attacker then uses the harvested API key to make unauthorized requests to Anthropic's API, incurring billing charges or accessing data processed through the agent.
Remediation: No vendor-released patch had been identified at the time of analysis, and the vendor did not respond to disclosure. The CVSS 4.0 vector NVD now publishes carries no remediation information at all: Remediation Level (RL) is a CVSS 3.x temporal metric that does not exist in v4.0, and the only threat metric set in the vector is Exploit Maturity, E:P (proof-of-concept available). …
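The page does not describe the defect inside _sync_anthropic_entry_from_credentials_file, so the code below does not reproduce it. It is an added example, not hermes-agent's code, showing the compensating control an operator of a shared host would want while no patch exists: before a credential pool trusts a credentials file, confirm that it is a regular file (not a symlink) owned by the running user, that no other user can read or write it, that its directory does not let other users rename or replace it, and that the inode actually opened is the one that was checked. The file name credentials.json and the JSON layout are assumptions for the demo.

```python
"""Refuse to trust a credentials file another local user could have planted or edited.

Added example for this page; not hermes-agent's code and not a reproduction of
the defect in _sync_anthropic_entry_from_credentials_file (which the page does
not describe). The file name and JSON layout are assumptions for the demo.
"""
import json
import os
import stat
import tempfile


class UntrustedCredentialsFile(Exception):
    """The file is not a private, owner-controlled regular file."""


def load_trusted_credentials(path: str) -> dict:
    """Return the JSON in `path` only if the file passes ownership and mode checks."""
    # lstat, not stat: a symlink planted by another user must be detected, not followed.
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        raise UntrustedCredentialsFile(f"{path} is a symlink")
    if not stat.S_ISREG(st.st_mode):
        raise UntrustedCredentialsFile(f"{path} is not a regular file")
    if st.st_uid != os.geteuid():
        raise UntrustedCredentialsFile(f"{path} is owned by uid {st.st_uid}, not {os.geteuid()}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise UntrustedCredentialsFile(
            f"{path} is group/world accessible (mode {oct(stat.S_IMODE(st.st_mode))})")
    # A directory other users can write to lets them swap the file out from under us,
    # unless the sticky bit restricts rename/delete to each file's owner.
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    if pst.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not pst.st_mode & stat.S_ISVTX:
        raise UntrustedCredentialsFile(f"directory {parent} is writable by other users")
    # Open without following symlinks and confirm we got the inode we just checked (TOCTOU).
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r") as fh:
        fst = os.fstat(fd)
        if (fst.st_dev, fst.st_ino) != (st.st_dev, st.st_ino):
            raise UntrustedCredentialsFile(f"{path} was replaced between check and open")
        return json.load(fh)


def demo(file_mode: int = 0o600, dir_mode: int = 0o700, via_symlink: bool = False) -> bool:
    """Build a throwaway credentials file and report whether it would be trusted.

    Constructed demo data only; the key string is not a real credential.
    """
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, dir_mode)
        real = os.path.join(d, "credentials.json")          # assumed file name
        with open(real, "w") as fh:
            json.dump({"anthropic": {"api_key": "sk-ant-CONSTRUCTED-DEMO"}}, fh)
        os.chmod(real, file_mode)
        path = real
        if via_symlink:
            path = os.path.join(d, "link.json")
            os.symlink(real, path)
        try:
            return "anthropic" in load_trusted_credentials(path)
        except UntrustedCredentialsFile as exc:
            print("rejected:", exc)
            return False


if __name__ == "__main__":
    print(demo())                       # True: private file in a private directory
    print(demo(file_mode=0o644))        # False: other users can read it
    print(demo(dir_mode=0o777))         # False: other users can replace it
    print(demo(via_symlink=True))       # False: a symlink, not the file itself
```

The order of the checks matters: ownership and mode are read with lstat before the open, and the open uses O_NOFOLLOW plus an inode comparison, so a low-privileged neighbour on the host cannot win the race by swapping a symlink or a different file into place between the check and the read. A world-writable directory with the sticky bit (the /tmp convention) is accepted because other users cannot rename or delete files they do not own there.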



EUVD-2026-33856 vulnerability details – vuln.today
