Nousresearch Hermes Agent
By the Year
In 2026 there have been 16 vulnerabilities in Nousresearch Hermes Agent with an average score of 6.5 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 16 | 6.47 |
It may take a day or so for new Hermes Agent vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Nousresearch Hermes Agent Security Vulnerabilities
NousResearch Hermes Agent <=0.12.0 Auth Bypass via resume Endpoint Title Param
CVE-2026-11461
6.3 - Medium
- June 07, 2026
A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Insecure Direct Object Reference / IDOR
NousResearch hermes-agent <= 2026.4.23: CredentialPool Improper Auth Bypass
CVE-2026-10548
5.3 - Medium
- June 02, 2026
A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Authentication
NousResearch hermes-agent <= 2026.4.30 - Webhook Resource Exhaustion
CVE-2026-10224
5.3 - Medium
- June 01, 2026
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Resource Exhaustion
Hermes-agent memory injection via _scan_memory_content <= 2026.4.30
CVE-2026-10223
6.3 - Medium
- June 01, 2026
A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Injection
NousResearch Hermes-Agent 2026.4.30 RCE via _sanitize_env_lines
CVE-2026-10222
5.6 - Medium
- June 01, 2026
A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function _sanitize_env_lines of the file hermes_cli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Injection
Hermes-Agent <=0.12.0 RCE via _compress_context
CVE-2026-10221
7.3 - High
- June 01, 2026
A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Injection
NousResearch hermes-agent <=2026.4.30 Remote Injection via skills_tool.py
CVE-2026-10220
7.3 - High
- June 01, 2026
A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be performed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Injection
NousResearch hermes-agent 2026.4.23: Local CLI Web-Dashboard Arg Compare
CVE-2026-9369
5.3 - Medium
- May 24, 2026
A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMES_ENABLE_PROJECT_PLUGINS results in incorrect comparison. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Incorrect Comparison
Sandbox Escape in NousResearch Hermes Agent <=2026.4.16 via EnvVar Handler
CVE-2026-9368
7.3 - High
- May 24, 2026
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Handler. Such manipulation leads to a sandbox issue. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Privilege Issues
OS Command Injection in Hermes-Agent terminal_tool
CVE-2026-9367
7.3 - High
- May 24, 2026
A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f19488b31c6fdebbacd15d798ce7f63. This affects the function detect_dangerous_command of the file tools/approval.py of the component terminal_tool. This manipulation causes OS command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Shell injection
Remote Injection via prompt_builder.py in NousResearch Hermes-agent 2026.4.23
CVE-2026-9366
7.3 - High
- May 24, 2026
A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection. The attack may be performed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Injection
NousResearch hermes-agent <=2026.4.16 Remote Output Escaping Slack/Mattermost
CVE-2026-9354
6.5 - Medium
- May 24, 2026
A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument format_message results in escaping of output. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Output Sanitization
NousResearch hermes-agent <2026.4.23: SG MW Prompt THREAT_PATTERNS injection
CVE-2026-9353
7.3 - High
- May 24, 2026
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skills_guard.py of the component Skills Guard Multi-Word Prompt Handler. The manipulation of the argument THREAT_PATTERNS leads to injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Injection
Information Disclosure in NousResearch hermes-agent 2026.4.23 (Messaging Gateway Handler)
CVE-2026-9352
5.3 - Medium
- May 24, 2026
A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function _make_run_env of the file tools/environments/local.py of the component Messaging Gateway Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Information Disclosure
NousResearch hermes-agent 2026.4.16 path traversal in read_file Tool
CVE-2026-9351
6.5 - Medium
- May 24, 2026
A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function _is_blocked_device of the file tools/file_tools.py of the component read_file Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Directory traversal
Missing Auth in Batch Runner of NousResearch Hermes-Agent 2026.4.16
CVE-2026-9350
7.3 - High
- May 24, 2026
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AuthZ