CVE-2026-10224
Description
Unauthenticated requests to the Feishu webhook endpoint in hermes-agent consume the rate-limit bucket, enabling remote denial of service against legitimate signed requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in the _handle_webhook_request function in gateway/platforms/feishu.py of NousResearch hermes-agent up to version 2026.4.30. The rate-limiting check is performed before verification token and signature validation, meaning any request—even those with invalid signatures—increments the same per-source rate-limit bucket keyed by (app_id, webhook_path, remote_ip). This design flaw allows unauthenticated traffic to exhaust the bucket. [1]
Exploitation
An attacker can remotely send repeated webhook requests with invalid signatures without any authentication. Each request consumes the shared rate-limit bucket. Once the bucket is exhausted, subsequent legitimate signed webhook requests from the same source IP are rejected with an HTTP 429 status. A public proof-of-concept exploit script is available. [1]
Impact
Successful exploitation results in denial of service: valid webhook deliveries are blocked, preventing the application from processing legitimate events. No data confidentiality or integrity is compromised, but availability is degraded. The attacker does not gain any privileged access. [1]
Mitigation
As of the publication date, the vendor has not responded and no official patch has been released. Users can mitigate by implementing additional rate limiting or authentication checks before the existing rate limiter, or by restricting access to the webhook endpoint to trusted IP addresses. [1]
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=2026.04.30
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Rate limiting is enforced before authentication checks, allowing unauthenticated requests to consume the shared rate-limit bucket."
Attack vector
An external attacker with network access to the Feishu webhook endpoint sends repeated HTTP requests with invalid signatures. Because rate limiting is enforced before authentication checks [CWE-307], each invalid request consumes the same per-source rate-limit bucket used by legitimate traffic. Once the bucket is exhausted, subsequent valid signed webhook deliveries are rejected with HTTP 429, causing a denial of service [ref_id=1].
Affected code
The vulnerability is in `gateway/platforms/feishu.py`, specifically in `_handle_webhook_request`. Rate limiting is applied before verification token and signature checks, allowing unauthenticated requests to consume the shared rate-limit bucket [ref_id=1].
What the fix does
No patch is available in the bundle; the vendor did not respond to the disclosure [ref_id=1]. The advisory recommends moving the verification token and signature checks before the rate-limit enforcement, so that unauthenticated requests are rejected without consuming the rate-limit bucket. This would prevent attackers from exhausting the bucket with invalid signatures.
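To make the ordering issue concrete, the following is an added illustration (not hermes-agent's code, which is not reproduced on this page): a minimal per-source limiter keyed by (app_id, webhook_path, remote_ip), one handler that charges the bucket before authenticating (the behaviour the advisory describes) and one that authenticates first (the recommended fix). The verification token, HMAC-SHA256 signature scheme, limit and traffic are constructed stand-ins, not Feishu's real scheme or the project's actual values.

```python
import hashlib
import hmac
from collections import defaultdict

# Hypothetical stand-ins: hermes-agent's real limiter, token and signature scheme are not on this page.
VERIFICATION_TOKEN = "example-verification-token"
SIGNING_SECRET = b"example-signing-secret"
BUCKET_LIMIT = 5  # requests per (app_id, webhook_path, remote_ip) before 429

class Limiter:
    """Fixed-window counter keyed per source; no window expiry, enough to show the ordering."""
    def __init__(self, limit):
        self.limit, self.counts = limit, defaultdict(int)
    def consume(self, key):
        self.counts[key] += 1
        return self.counts[key] <= self.limit

def sign(body):
    return hmac.new(SIGNING_SECRET, body, hashlib.sha256).hexdigest()

def authenticated(req):
    """Verification token and signature must both match; constant-time compares."""
    return (hmac.compare_digest(req.get("token", ""), VERIFICATION_TOKEN)
            and hmac.compare_digest(req.get("signature", ""), sign(req["body"])))

def handle_vulnerable(req, limiter):
    """Ordering described in the advisory: the bucket is charged before any authentication."""
    if not limiter.consume((req["app_id"], req["path"], req["remote_ip"])):
        return 429
    return 200 if authenticated(req) else 401

def handle_fixed(req, limiter):
    """Recommended ordering: unauthenticated requests never reach the limiter."""
    if not authenticated(req):
        return 401
    if not limiter.consume((req["app_id"], req["path"], req["remote_ip"])):
        return 429
    return 200

def simulate(handler):
    """Constructed traffic: BUCKET_LIMIT unsigned requests from one IP, then one genuine delivery."""
    limiter = Limiter(BUCKET_LIMIT)
    src = {"app_id": "cli_demo", "path": "/feishu/webhook", "remote_ip": "198.51.100.7"}
    unsigned = dict(src, token="wrong", signature="0" * 64, body=b"{}")
    for _ in range(BUCKET_LIMIT):
        handler(unsigned, limiter)
    body = b'{"type": "event_callback"}'
    genuine = dict(src, token=VERIFICATION_TOKEN, signature=sign(body), body=body)
    return handler(genuine, limiter)  # 429 under the vulnerable ordering, 200 under the fixed one
```

With the fixed ordering the limiter's counters stay empty after rejected requests, so only authenticated traffic can ever exhaust a bucket.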
Preconditions
- Network access to the Feishu webhook endpoint
- Ability to send repeated HTTP requests with invalid signatures
Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
- Hermes Agent: Five Injection Flaws Disclosed, Two High-Severity with Public Exploits. Vypr Intelligence, Jun 1, 2026.