Skip to content
Threat Feed
high threat exploited

NousResearch hermes-agent Remote Code Injection Vulnerability (CVE-2026-10220)

A remote code injection vulnerability (CVE-2026-10220) exists in NousResearch hermes-agent versions up to 2026.4.30, affecting the _serve_plugin_skill/skill_view function in tools/skills_tool.py, potentially allowing attackers to inject arbitrary code.

A remote code injection vulnerability, CVE-2026-10220, affects NousResearch hermes-agent up to version 2026.4.30. The vulnerability resides within the _serve_plugin_skill/skill_view function of the tools/skills_tool.py file. Exploitation of this flaw could enable a remote attacker to inject arbitrary code into the application. The exploit has been publicly disclosed, increasing the risk of active exploitation. The vendor was contacted but did not respond. This vulnerability poses a significant risk to systems running affected versions of hermes-agent, potentially leading to unauthorized access, data breaches, or complete system compromise.

Attack Chain

  1. An attacker identifies a vulnerable hermes-agent instance running a version prior to 2026.4.30.
  2. The attacker crafts a malicious request targeting the _serve_plugin_skill/skill_view function within tools/skills_tool.py.
  3. This request includes specially crafted input designed to exploit the code injection vulnerability.
  4. The vulnerable function fails to properly sanitize the input, allowing the attacker’s code to be injected.
  5. The injected code is then executed by the hermes-agent application.
  6. The attacker leverages the injected code to gain unauthorized access to the system.
  7. The attacker may then escalate privileges, install malware, or exfiltrate sensitive data.

Impact

Successful exploitation of CVE-2026-10220 allows for remote code injection, potentially leading to complete system compromise. This could result in unauthorized data access, modification, or deletion, as well as the installation of malware and further propagation of attacks. The lack of vendor response exacerbates the risk, as no official patch or mitigation is available. Organizations using NousResearch hermes-agent are at significant risk until the vulnerability is addressed.

Recommendation

  • Monitor network traffic for suspicious requests targeting the _serve_plugin_skill/skill_view function as a proactive measure.
  • Deploy the Sigma rule provided below to detect potential exploitation attempts against the vulnerable function.
  • Consider implementing input validation and sanitization measures within the _serve_plugin_skill/skill_view function if source code access is available, to mitigate the vulnerability.
  • Monitor for unexpected process execution originating from the hermes-agent application.

Detection coverage 2

Detect CVE-2026-10220 Exploitation Attempt via HTTP Request

high

Detects CVE-2026-10220 exploitation attempt via suspicious HTTP requests to the vulnerable endpoint

sigma tactics: initial_access techniques: T1190 sources: webserver

Detect Suspicious Process Execution by Hermes-Agent

medium

Detects suspicious processes spawned by the hermes-agent process, indicating potential code injection.

sigma tactics: execution techniques: T1059.004 sources: process_creation, linux

Detection queries are available on the platform. Get full rules →