Hermes WebUI < 0.51.443 - Broken Access Control in /api/session Endpoint

An authenticated attacker can bypass profile boundary checks by directly querying a known or guessed session ID belonging to another profile via `GET /api/session?session_id=<foreign_id>&messages=1` to retrieve unauthorized conversation transcripts and metadata. The same issue affects `GET /api/session/export?session_id=<foreign_id>` for full transcript JSON downloads. The `/api/sessions` list endpoint already scoped its rows to the active profile, but the by-id detail endpoints did not apply the same check, making them vulnerable to cross-profile information disclosure [ref_id=1].

The vulnerability exists in `api/routes.py` in the `handle_get` function (for `GET /api/session`) and the `_handle_session_export` function (for `GET /api/session/export`). Both endpoints loaded a session purely by its session ID without verifying that the session belonged to the request's active Hermes profile, allowing cross-profile disclosure. The patch adds a `_session_visible_to_active_profile` check that returns a 404 when the session's profile does not match the active profile [patch_id=6466842][patch_id=6466841].

The patch introduces a `_session_visible_to_active_profile` helper function in `api/routes.py` that compares the session's profile against the active profile using the existing `_profiles_match` function. This check is inserted early in both `handle_get` (for both regular sessions and CLI-session fallback) and `_handle_session_export`, returning a generic 404 "Session not found" response when the profiles do not match, which also avoids revealing the existence of foreign-profile sessions [patch_id=6466842][patch_id=6466841].