Skip to main content

hermes-agent EUVD-2026-34992

| CVE-2026-11461 LOW
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-06-07 VulDB GHSA-9396-xwf6-94hp
Authentication Bypass Hermes Agent
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jun 07, 2026 - 22:22 NVD
MEDIUM LOW
CVSS changed
Jun 07, 2026 - 22:22 NVD
6.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
Jun 07, 2026 - 22:13 vuln.today

DescriptionCVE.org

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Authorization bypass in NousResearch hermes-agent up to 0.12.0 allows remote low-privileged authenticated attackers to access or manipulate sessions belonging to other users by supplying an arbitrary session title to the resume endpoint's resolve_session_by_title function without ownership verification. A public proof-of-concept exploit has been disclosed via GitHub Gist, and the vendor did not respond to pre-disclosure contact, meaning no patch is currently available. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged account credentials
Delivery
Send crafted HTTP request to resume endpoint
Exploit
Supply victim session title as title argument
Execution
Bypass ownership check in resolve_session_by_title
Impact
Retrieve or hijack target user's agent session data
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The attacker must possess a valid low-privileged account on the target hermes-agent instance, as confirmed by the CVSS vector PR:L - unauthenticated actors cannot exploit this without first obtaining credentials. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS base score of 6.3 (Medium) reflects AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - network-reachable, low complexity, requiring only low-privileged authentication with no user interaction and unchanged scope. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A publicly available proof-of-concept exploit exists at https://gist.github.com/YLChen-007/c2d162e9c8d39584223683cdcba98607. An attacker with a valid low-privileged account sends a crafted HTTP request to the hermes-agent resume endpoint, supplying the known or guessed title of another user's agent session as the `title` argument. …
Remediation No vendor-released patch has been identified at time of analysis - the vendor did not respond to pre-disclosure contact, so no fix version is confirmed. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-34992 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy