Skip to content
Threat Feed

Product

Hermes-Agent (<= 2026.4.23)

1 brief RSS
high advisory

NousResearch hermes-agent Remote Code Injection Vulnerability (CVE-2026-9353)

A remote code injection vulnerability (CVE-2026-9353) exists in NousResearch hermes-agent up to version 2026.4.23, allowing attackers to inject malicious code by manipulating the THREAT_PATTERNS argument in the Skills Guard Multi-Word Prompt Handler component.

hermes-agent cve code injection remote code execution web application
2r 1t 1c