VYPR
Medium severity 5.3 · NVD Advisory · Published Apr 29, 2026 · Updated Apr 29, 2026

CVE-2026-7396

Description

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A path traversal vulnerability in hermes-agent 0.8.0's WeCom adapter allows remote attackers to read arbitrary files via crafted file:// URLs.

Vulnerability

The NousResearch hermes-agent version 0.8.0 contains a path traversal vulnerability (CWE-22) in the WeChat Work (WeCom) platform adapter, specifically in the file gateway/platforms/wecom.py [1]. The code processes file:// URLs for media attachments without validating that the resolved file path falls within an allowed directory, allowing arbitrary file reads [2].

Exploitation

An attacker who can send a message to the agent (e.g., via WeCom messaging) can trigger the vulnerability by including a file:// URL in a media attachment. The affected code resolves the path using .expanduser() and .resolve() but lacks a boundary check such as is_relative_to() [2]. No authentication beyond normal messaging access is required, making exploitation possible over the network [2].

Impact

Successful exploitation allows an attacker to read arbitrary files from the server's filesystem, including sensitive configuration files, SSH keys, API credentials, and other data that may lead to further compromise [2]. The vulnerability has a CVSS score of 7.5 (High) according to the issue report [2], though the official CVE rating is Medium (5.3).

Mitigation

As of the report date (2026-04-09), no patch has been released for version 0.8.0 [2]. Users are advised to restrict access to the agent, monitor for suspicious messages, and apply updates once available. The source code is open, so temporary fixes can be implemented by adding path validation in the affected code [1].
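The boundary check the narrative describes, written out as an added example (not hermes-agent code): a file:// URL is mapped to a path with expanduser() and resolve(), and the resolved path is then required to be is_relative_to() an allowed media root, so `..` segments, percent-encoded `..` and symlinks pointing outside the root are all rejected. The `demo_outcomes()` fixture, directory names and `MediaPathError` are constructed for this example.

```python
import tempfile
from pathlib import Path
from urllib.parse import urlparse, unquote


class MediaPathError(ValueError):
    """Raised when a file:// URL does not point at an allowed local file."""


def resolve_media_path(url: str, allowed_root: Path) -> Path:
    """Map a file:// URL to a path and confirm it stays under allowed_root."""
    parsed = urlparse(url)
    if parsed.scheme != "file":
        raise MediaPathError(f"unsupported scheme: {parsed.scheme!r}")
    if parsed.netloc not in ("", "localhost"):
        raise MediaPathError("file URLs naming a remote host are rejected")
    root = allowed_root.expanduser().resolve()
    raw = Path(unquote(parsed.path)).expanduser()
    # Relative paths are anchored under the allowed root, never the CWD.
    candidate = (raw if raw.is_absolute() else root / raw).resolve()
    # resolve() collapsed '..' and followed symlinks: compare the real location.
    if not candidate.is_relative_to(root):
        raise MediaPathError(f"{candidate} escapes {root}")
    if not candidate.is_file():
        raise MediaPathError(f"{candidate} is not a regular file")
    return candidate


def demo_outcomes() -> dict:
    # Constructed fixture: <tmp>/media is the allowed root, <tmp>/secret.txt is outside it.
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        media = base / "media"
        media.mkdir()
        (media / "pic.png").write_bytes(b"\x89PNG")
        (base / "secret.txt").write_text("outside the allowed root")
        (media / "link.png").symlink_to(base / "secret.txt")
        cases = {
            "inside": f"file://{media / 'pic.png'}",
            "dotdot": f"file://{media}/../secret.txt",
            "encoded": f"file://{media}/%2e%2e/secret.txt",
            "symlink": f"file://{media / 'link.png'}",
        }
        for name, url in cases.items():
            try:
                resolve_media_path(url, media)
                results[name] = "allowed"
            except MediaPathError:
                results[name] = "rejected"
    return results
```

Only the in-root file is accepted; the three escape attempts fail the is_relative_to() test even though each resolves cleanly.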

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0. No patches discovered yet.

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 5

News mentions: 0. No linked articles in our index yet.