CVE-2026-53871
Published: 2026-06-17
Severity: High, CVSS 4.0 base score 8.6
CVSS 4.0 vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.36% (28.4th percentile)
Hermes WebUI < 0.51.368 - Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie
Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated profile names from the hermes_profile cookie. An authenticated attacker can forge the hermes_profile cookie value to bypass profile-scoped authorization checks and access sessions, files, and resources across different profiles.
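The weakness described above is CWE-565 (reliance on a cookie without validation or integrity checking): the profile that scopes authorization is read straight from a client-controlled cookie, so a user who already has a session can name any other profile. The following is an added, constructed illustration, not Hermes WebUI's code; the function names, the in-memory session store, the file index and the cookie layout are all assumptions made for this example. It places the vulnerable pattern beside a hardened form in which the principal comes from the server-side session, the cookie carries an HMAC tag that is checked in constant time, and the selected profile must be one the authenticated user is actually allowed to use.

```python
"""CWE-565 in the shape described for CVE-2026-53871, beside a hardened form.

Constructed example; not Hermes WebUI's code. Names, session store and cookie
layout are assumptions for illustration only.
"""
import hashlib
import hmac
import secrets

# Constructed server-side session store: opaque session id -> authenticated
# user and the set of profiles that user is authorized to use.
SESSIONS = {
    "sess-alice": {"user": "alice", "profiles": {"alice-work", "alice-home"}},
    "sess-bob": {"user": "bob", "profiles": {"bob-main"}},
}

# Constructed resource index: which profile owns which file.
FILE_OWNER = {"notes.txt": "alice-work", "budget.xlsx": "bob-main"}

# Server-side cookie integrity key (would come from configuration in practice).
COOKIE_KEY = secrets.token_bytes(32)


class Forbidden(Exception):
    pass


def get_profile_cookie_insecure(cookies: dict) -> str:
    """Vulnerable pattern: whatever profile name the client sends is trusted."""
    return cookies.get("hermes_profile", "default")


def read_file_insecure(cookies: dict, name: str) -> str:
    # The only access check compares the file's owner to a client-chosen value.
    profile = get_profile_cookie_insecure(cookies)
    if FILE_OWNER.get(name) != profile:
        raise Forbidden(name)
    return f"contents of {name}"


def sign_profile(profile: str) -> str:
    """Hardened helper: the server issues 'profile.tag' so tampering is detectable."""
    tag = hmac.new(COOKIE_KEY, profile.encode(), hashlib.sha256).hexdigest()
    return f"{profile}.{tag}"


def get_profile_secure(cookies: dict, session_id: str) -> str:
    """Hardened pattern: principal from the server-side session, cookie integrity
    verified in constant time, and the profile checked against that principal's
    authorized set before it is used for any scoping decision."""
    session = SESSIONS.get(session_id)
    if session is None:
        raise Forbidden("no session")
    profile, sep, tag = cookies.get("hermes_profile", "").rpartition(".")
    if not sep:
        raise Forbidden("unsigned profile cookie")
    expected = hmac.new(COOKIE_KEY, profile.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise Forbidden("profile cookie tampered")
    if profile not in session["profiles"]:
        raise Forbidden(f"{session['user']} may not use profile {profile}")
    return profile


def read_file_secure(cookies: dict, session_id: str, name: str) -> str:
    profile = get_profile_secure(cookies, session_id)
    if FILE_OWNER.get(name) != profile:
        raise Forbidden(name)
    return f"contents of {name}"


def demo() -> dict:
    """Runs both variants with a cookie naming a profile the caller does not own."""
    results = {}
    forged = {"hermes_profile": "bob-main"}  # alice's session, bob's profile name
    # Insecure: the bare cookie value alone grants access to bob's file.
    results["insecure_forged"] = read_file_insecure(forged, "budget.xlsx")
    for label, cookie in (
        ("secure_forged", forged),                                   # no tag
        ("secure_signed_other", {"hermes_profile": sign_profile("bob-main")}),
    ):
        try:
            read_file_secure(cookie, "sess-alice", "budget.xlsx")
            results[label] = "allowed"
        except Forbidden:
            results[label] = "denied"
    # Secure: alice's own signed profile still works normally.
    own = {"hermes_profile": sign_profile("alice-work")}
    results["secure_own"] = read_file_secure(own, "sess-alice", "notes.txt")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The second denied case matters: a signature alone is not enough, because a correctly signed cookie issued to another user's browser could still be replayed. Binding the profile to the server-side session record is what closes the cross-profile path the advisory describes.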
Affected (1 range):
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nesquena | hermes-webui | < 0.51.368 | 0.51.368 |
Source: GHSA (ghsa_unreviewed, 2026-06-17)
CVE-2026-53871 [HIGH] CWE-565
Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated profile names from the hermes_profile cookie. An authenticated attacker can forge the hermes_profile cookie value to bypass profile-scoped authorization checks and access sessions, files, and resources across different profiles.
Source: CVEList (cvelistv5, 2026-06-17, CVSS 8.6)
CVE-2026-53871 [HIGH] CWE-565
Hermes WebUI < 0.51.368 - Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie
Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated profile names from the hermes_profile cookie. An authenticated attacker can forge the hermes_profile cookie value to bypass profile-scoped authorization checks and access sessions, files, and resources across different profiles.
Source: VulDB (vuldb, 2026-06-17)
CVE-2026-53871 [CRITICAL] nesquena hermes-webui up to 0.51.367 get_profile_cookie cookie validation
A vulnerability identified as critical has been detected in nesquena hermes-webui up to 0.51.367. Affected by this issue is the function get_profile_cookie. Performing a manipulation results in cookies without validation.
This vulnerability is reported as CVE-2026-53871. The attack can be carried out remotely. No exploit exists.
You should upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.