Nesquena Hermes-Webui vulnerabilities
15 known vulnerabilities affecting nesquena/hermes-webui.
Total CVEs: 15
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 7, LOW 1
Vulnerabilities
CVE-2026-49973 | P2 | CRITICAL | CVSS 9.4 | fixed in 0.51.358 | 2026-06-11
CVE-2026-49973 [CRITICAL] CWE-306
Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote attackers to hijack initial setup by submitting the _set_password parameter to the settings API endpoint without any network origin restriction. Attackers on any reachable network can send a POST request to the settings endpoin
Source: nvd
CVE-2026-49959 | P2 | HIGH | CVSS 8.8 | fixed in 0.51.311 | 2026-06-09
CVE-2026-49959 [HIGH] CWE-78
Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in api/workspace_git.py through vectors such as core.fsmoni
Source: nvd
CVE-2026-6832 | P3 | HIGH | CVSS 8.1 | fixed in PR #409 | 2026-04-21
CVE-2026-6832 [HIGH] CWE-22
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the session_id parameter. Attackers can exploit unvalidated session identifiers to construct paths that bypass the S
Source: nvd
CVE-2026-49957 | P3 | HIGH | CVSS 7.7 | fixed in 0.51.296 | 2026-06-09
CVE-2026-49957 [HIGH] CWE-22
Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within _remote_terminal_workspace_candidate(). Attackers can configure a remote terminal working dir
Source: nvd
CVE-2026-22677 | P3 | MEDIUM | CVSS 6.5 | fixed in 0.51.44 | 2026-05-13
CVE-2026-22677 [MEDIUM] CWE-22
Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in the workspace field and subsequently use relative paths in the session f
Source: nvd
CVE-2026-6829 | P3 | MEDIUM | CVSS 6.3 | fixed in PR #416 | 2026-04-21
CVE-2026-6829 [MEDIUM] CWE-22
nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update, /api/chat/start, and /api/workspaces/add. Attackers can repoint a
Source: nvd
CVE-2026-49956 | P3 | MEDIUM | CVSS 6.5 | fixed in 0.51.269 | 2026-06-09
CVE-2026-49956 [MEDIUM] CWE-862
Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to retrieve session titles and transcript message conten
Source: nvd
CVE-2026-49955 | P3 | MEDIUM | CVSS 5.3 | fixed in 0.51.270 | 2026-06-09
CVE-2026-49955 [MEDIUM] CWE-770
Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the authentication endpoint, causing unbounded growth of the chal
Source: nvd
CVE-2026-58174 | P4 | MEDIUM | CVSS 6.5 | fixed in 0.51.521 | 2026-06-30
CVE-2026-58174 [MEDIUM] CWE-732
Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object without setting its profile in the /api/session/import handler, so the imported session is persisted with a null profile. Because a null profile is treated as the default profile by the profile authorization ch
Source: nvd
CVE-2026-55205 | P4 | MEDIUM | CVSS 5.3 | fixed in 0.51.468 | 2026-06-18
CVE-2026-55205 [MEDIUM] CWE-770
Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint that allows unbounded accumulation of in-memory flow state and daemon threads. Attackers can send repeated or concurrent requests to exhaust server memory and thread resources, potentially triggering repeated out
Source: nvd
CVE-2026-49958 | P4 | MEDIUM | CVSS 5.0 | fixed in 0.51.303 | 2026-06-09
CVE-2026-49958 [MEDIUM] CWE-367
Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard function within api/workspace_git.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlink after validation but before deletion. Attackers
Source: nvd
CVE-2026-6830 | P4 | LOW | CVSS 3.3 | fixed in PR #351 | 2026-04-21
CVE-2026-6830 [LOW] CWE-459
nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys and other sensitive secrets from one profile context in ano
Source: nvd
CVE-2026-53871 | HIGH | CVSS 8.6 | fixed in 0.51.368 | 2026-06-17
CVE-2026-53871 [HIGH] CWE-565 Hermes WebUI < 0.51.368 - Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie
Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated profile names from the hermes_profile cookie. An authenticated attacker can forge the hermes_profile cookie value to bypass profile-scope
Source: cvelistv5
CVE-2026-55197 | HIGH | CVSS 7.1 | fixed in 0.51.443 | 2026-06-17
CVE-2026-55197 [HIGH] CWE-639 Hermes WebUI < 0.51.443 - Broken Access Control in /api/session Endpoint
Hermes WebUI &messages=1 to retrieve unauthorized conversation transcripts and metadata.
Source: cvelistv5
CVE-2026-55198 | HIGH | CVSS 7.1 | fixed in 0.51.443 | 2026-06-17
CVE-2026-55198 [HIGH] CWE-639 Hermes WebUI < 0.51.443 - Cross-Profile Session Data Exfiltration via Session Export Endpoint
Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The _handle_session_export handler in api/routes.py fails to verify active-profile ownership before se
Source: cvelistv5