CVE-2026-55197
Published 2026-06-17
CVE-2026-55197: Hermes WebUI < 0.51.443 - Broken Access Control in /api/session Endpoint
Severity: High, 7.1 (CVSS 4.0)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.27% (18.9th percentile)
Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles via GET /api/session?session_id=&messages=1 to retrieve unauthorized conversation transcripts and metadata.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nesquena | hermes-webui | < 0.51.443 | 0.51.443 |
CVEList
Hermes WebUI < 0.51.443 - Broken Access Control in /api/session Endpoint
cvelistv5 · 2026-06-17 · CVSS 7.1
CVE-2026-55197 [HIGH] CWE-639 (Authorization Bypass Through User-Controlled Key)
Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles via GET /api/session?session_id=&messages=1 to retrieve unauthorized conversation transcripts and metadata.
VulDB
nesquena hermes-webui up to 0.51.442 Conversation /api/session authorization (EUVD-2026-37778)
vuldb · 2026-06-17
CVE-2026-55197 [LOW]
A vulnerability described as problematic has been identified in nesquena hermes-webui up to 0.51.442. This issue affects some unknown processing of the file /api/session of the component Conversation Handler. The manipulation results in authorization bypass.
This vulnerability is known as CVE-2026-55197. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.
GHSA
Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts.
ghsa_unreviewed · 2026-06-17
CVE-2026-55197 [HIGH] CWE-639 (Authorization Bypass Through User-Controlled Key)
Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles via GET /api/session?session_id=&messages=1 to retrieve unauthorized conversation transcripts and metadata.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published 2026-06-17