Skip to content
Threat Feed

Product

Hermes-Agent (<= 2026.4.30)

1 brief RSS
high threat

NousResearch hermes-agent Remote Code Injection Vulnerability (CVE-2026-10220)

A remote code injection vulnerability (CVE-2026-10220) exists in NousResearch hermes-agent versions up to 2026.4.30, affecting the _serve_plugin_skill/skill_view function in tools/skills_tool.py, potentially allowing attackers to inject arbitrary code.

exploited hermes-agent cve code-injection
2r 1t 1c