Sandbox Escape in NousResearch Hermes Agent <=2026.4.16 via EnvVar Handler
CVE-2026-9368 Published on May 24, 2026

NousResearch hermes-agent Environment Variable code_execution_tool.py execute_code sandbox
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. It affects the function execute_code in the file tools/code_execution_tool.py, part of the Environment Variable Handler component. Manipulation leads to a sandbox issue. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Timeline

Advisory disclosed

VulDB entry created

VulDB entry last update

Weakness Types

Privilege Issues

Weaknesses in this category occur with improper handling, assignment, or management of privileges. A privilege is a property of an agent, such as a user. It lets the agent do things that are not ordinarily allowed. For example, there are privileges which allow an agent to perform maintenance functions such as restart a computer.

Permissions, Privileges, and Access Controls

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.


Products Associated with CVE-2026-9368

Affected Versions

NousResearch hermes-agent:

Exploit Probability

EPSS
0.09%
Percentile
25.80%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.