NousResearch

All CVEs

22 total · sorted by risk
  • CVE-2026-9367 · High · May 24, 2026
    risk 0.48 · cvss 7.3 · epss 0.02

    A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f19488b31c6fdebbacd15d798ce7f63. This affects the function detect_dangerous_command of the file tools/approval.py of the component terminal_tool. This manipulation causes os command injection. It is…

  • CVE-2026-10221 · High · Jun 1, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly…

  • CVE-2026-10220 · High · Jun 1, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been…

  • CVE-2026-9368 · High · May 24, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Handler. Such manipulation leads to sandbox issue. It is possible to launch the…

  • CVE-2026-9366 · High · May 24, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and…

  • CVE-2026-9353 · High · May 24, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skills_guard.py of the component Skills Guard Multi-Word Prompt Handler. The manipulation of the argument THREAT_PATTERNS leads to…

  • CVE-2026-9350 · High · May 24, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The…

  • CVE-2026-9354 · Medium · May 24, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument format_message results in escaping of output. The attack can be executed…

  • CVE-2026-9351 · Medium · May 24, 2026
    risk 0.42 · cvss 6.5 · epss 0.01

    A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function _is_blocked_device of the file tools/file_tools.py of the component read_file Tool. Performing a manipulation results in path traversal. The attack may be…

  • CVE-2026-11461 · Medium · Jun 7, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to…

  • CVE-2026-10223 · Medium · Jun 1, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the…

  • CVE-2026-10222 · Medium · Jun 1, 2026
    risk 0.36 · cvss 5.6 · epss 0.00

    A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function _sanitize_env_lines of the file hermes_cli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires…

  • CVE-2026-7112 · Medium · Apr 27, 2026
    risk 0.36 · cvss 5.6 · epss 0.00

    A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth of the file gateway/platforms/api_server.py of the component API_SERVER_KEY Handler. The manipulation leads to improper authentication. The attack can be…

  • CVE-2026-10548 · Medium · Jun 2, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper…

  • CVE-2026-10224 · Medium · Jun 1, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption.…

  • CVE-2026-9369 · Medium · May 24, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument…

  • CVE-2026-9352 · Medium · May 24, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function _make_run_env of the file tools/environments/local.py of the component Messaging Gateway Handler. Executing a manipulation can lead to information disclosure. The attack…

  • CVE-2026-7396 · Medium · Apr 29, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the…

  • CVE-2026-7113 · Medium · Apr 27, 2026
    risk 0.29 · cvss 5.6 · epss 0.00

    A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument _INSECURE_NO_AUTH results in missing authentication.…

  • CVE-2026-7397 · Medium · Apr 29, 2026
    risk 0.22 · cvss 4.4 · epss 0.00

    A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function _check_sensitive_path of the file tools/file_tools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public…

  • CVE-2026-53870 · Jun 17, 2026
    risk 0.00 · cvss (no score listed) · epss 0.00

    Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain…

  • CVE-2026-53869 · Jun 17, 2026
    risk 0.00 · cvss (no score listed) · epss 0.01

    Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events…