{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/hermes-agent--0.12.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-10221"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["hermes-agent (\u003c= 0.12.0)"],"_cs_severities":["high"],"_cs_tags":["injection","code injection","cve-2026-10221"],"_cs_type":"advisory","_cs_vendors":["NousResearch"],"content_html":"\u003cp\u003eA code injection vulnerability, tracked as CVE-2026-10221, affects NousResearch hermes-agent versions up to 0.12.0. The vulnerability resides within the \u003ccode\u003e_compress_context\u003c/code\u003e function of the \u003ccode\u003erun_agent.py\u003c/code\u003e file, allowing for potential code injection through manipulation of input. Remote exploitation is possible, and a public exploit is reportedly available. The vendor was notified but has not responded. This vulnerability allows an attacker to execute arbitrary code on systems running a vulnerable version of hermes-agent.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable instance of NousResearch hermes-agent running version 0.12.0 or earlier.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious input string designed to exploit the code injection vulnerability in the \u003ccode\u003e_compress_context\u003c/code\u003e function within \u003ccode\u003erun_agent.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious input to the vulnerable function, likely through a network request, triggering the injection point.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003e_compress_context\u003c/code\u003e function processes the attacker-controlled input without proper sanitization or validation.\u003c/li\u003e\n\u003cli\u003eThe malicious input is interpreted as code and executed by the hermes-agent application, potentially granting the attacker control over the system.\u003c/li\u003e\n\u003cli\u003eAttacker leverages the injected code to establish persistence on the compromised system, allowing for continued access.\u003c/li\u003e\n\u003cli\u003eAttacker pivots to other internal systems and attempts to access or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could lead to arbitrary code execution on the affected system. This could allow an attacker to gain complete control over the hermes-agent instance, potentially leading to data theft, system compromise, or further lateral movement within the network. Due to the nature of the software, this is especially dangerous in AI/ML environments.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply appropriate input validation and sanitization to the \u003ccode\u003e_compress_context\u003c/code\u003e function in \u003ccode\u003erun_agent.py\u003c/code\u003e (reference CVE-2026-10221).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect CVE-2026-10221 Exploitation Attempt via run_agent.py\u003c/code\u003e to your SIEM and tune for your environment to detect exploitation attempts targeting the vulnerable function.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity targeting NousResearch hermes-agent, especially related to calls to the \u003ccode\u003e_compress_context\u003c/code\u003e function.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-01T04:18:07Z","date_published":"2026-06-01T04:18:07Z","id":"https://feed.craftedsignal.io/briefs/2026-06-cve-2026-10221-hermes-agent-injection/","summary":"NousResearch hermes-agent up to version 0.12.0 is vulnerable to code injection in the _compress_context function of the run_agent.py file, allowing remote exploitation.","title":"NousResearch hermes-agent \u003c= 0.12.0 Code Injection Vulnerability (CVE-2026-10221)","url":"https://feed.craftedsignal.io/briefs/2026-06-cve-2026-10221-hermes-agent-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Hermes-Agent (\u003c= 0.12.0)","version":"https://jsonfeed.org/version/1.1"}