{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/hermes-agent--2026.4.23/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-9353"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["hermes-agent (\u003c= 2026.4.23)"],"_cs_severities":["high"],"_cs_tags":["cve","code injection","remote code execution","web application"],"_cs_type":"advisory","_cs_vendors":["NousResearch"],"content_html":"\u003cp\u003eA security vulnerability, CVE-2026-9353, has been identified in NousResearch hermes-agent, affecting versions up to 2026.4.23. The vulnerability resides in the \u003ccode\u003eagent/skills_guard.py\u003c/code\u003e file within the Skills Guard Multi-Word Prompt Handler component. By manipulating the \u003ccode\u003eTHREAT_PATTERNS\u003c/code\u003e argument, a remote attacker can inject arbitrary code. Public disclosure of the exploit is available, increasing the risk of exploitation. The vendor was contacted regarding the vulnerability, but no response was received. 
This vulnerability allows for unauthenticated remote code execution, potentially leading to complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable NousResearch hermes-agent instance running version 2026.4.23 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload designed to exploit the code injection vulnerability in the \u003ccode\u003eTHREAT_PATTERNS\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a specially crafted request to the hermes-agent server, embedding the malicious payload within the \u003ccode\u003eTHREAT_PATTERNS\u003c/code\u003e argument targeting the Skills Guard Multi-Word Prompt Handler.\u003c/li\u003e\n\u003cli\u003eThe hermes-agent server processes the request, failing to properly sanitize or validate the \u003ccode\u003eTHREAT_PATTERNS\u003c/code\u003e input.\u003c/li\u003e\n\u003cli\u003eDue to insufficient input validation, the malicious payload is injected and executed by the server.\u003c/li\u003e\n\u003cli\u003eThe injected code allows the attacker to execute arbitrary commands on the server, potentially gaining shell access.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the compromised server to perform further actions, such as data exfiltration or lateral movement within the network.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves complete system compromise and gains persistent access to the target environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-9353 can lead to remote code execution on the affected NousResearch hermes-agent server. This could allow an attacker to gain complete control over the system, potentially leading to data breaches, service disruption, or further attacks on the internal network. 
Given the public availability of the exploit, the likelihood of exploitation is increased, posing a significant risk to organizations using vulnerable versions of hermes-agent.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade NousResearch hermes-agent to a version later than 2026.4.23 to remediate CVE-2026-9353.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-9353 Exploitation Attempt via Malicious THREAT_PATTERNS Argument\u0026rdquo; to detect potential exploitation attempts by monitoring HTTP requests for suspicious patterns.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures on all user-supplied inputs to prevent code injection vulnerabilities.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusual activity originating from the hermes-agent server.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T13:44:43Z","date_published":"2026-05-26T13:44:43Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-9353/","summary":"A remote code injection vulnerability (CVE-2026-9353) exists in NousResearch hermes-agent up to version 2026.4.23, allowing attackers to inject malicious code by manipulating the THREAT_PATTERNS argument in the Skills Guard Multi-Word Prompt Handler component.","title":"NousResearch hermes-agent Remote Code Injection Vulnerability (CVE-2026-9353)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-9353/"}],"language":"en","title":"CraftedSignal Threat Feed — Hermes-Agent (\u003c= 2026.4.23)","version":"https://jsonfeed.org/version/1.1"}