Product

Hermes-Agent (<= 2026.4.16)

2 briefs RSS

NousResearch hermes-agent Sandbox Vulnerability (CVE-2026-9368)

A vulnerability in NousResearch hermes-agent up to version 2026.4.16 allows for remote exploitation of the execute_code function, leading to a sandbox escape.

hermes-agent sandbox-escape remote-code-execution cve

2r 1t 1c 1h ago

high advisory

NousResearch hermes-agent Missing Authorization Vulnerability (CVE-2026-9350)

2 rules 1 TTP 1 CVE

A missing authorization vulnerability (CVE-2026-9350) exists in NousResearch hermes-agent up to version 2026.4.16, affecting the `check_all_command_guards` function in `tools/approval.py` of the Batch Runner component, enabling remote attackers to bypass authorization checks.

hermes-agent cve authorization

2r 1t 1c 1h ago