{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/hermes-agent--2026.4.30/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-10220"}],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["hermes-agent (\u003c= 2026.4.30)"],"_cs_severities":["high"],"_cs_tags":["cve","code-injection","hermes-agent"],"_cs_type":"threat","_cs_vendors":["NousResearch"],"content_html":"\u003cp\u003eA remote code injection vulnerability, CVE-2026-10220, affects NousResearch hermes-agent up to version 2026.4.30. The vulnerability resides within the \u003ccode\u003e_serve_plugin_skill/skill_view\u003c/code\u003e function of the \u003ccode\u003etools/skills_tool.py\u003c/code\u003e file. Exploitation of this flaw could enable a remote attacker to inject arbitrary code into the application. The exploit has been publicly disclosed, increasing the risk of active exploitation. The vendor was contacted but did not respond. This vulnerability poses a significant risk to systems running affected versions of hermes-agent, potentially leading to unauthorized access, data breaches, or complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable hermes-agent instance running a version prior to 2026.4.30.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting the \u003ccode\u003e_serve_plugin_skill/skill_view\u003c/code\u003e function within \u003ccode\u003etools/skills_tool.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThis request includes specially crafted input designed to exploit the code injection vulnerability.\u003c/li\u003e\n\u003cli\u003eThe vulnerable function fails to properly sanitize the input, allowing the attacker\u0026rsquo;s code to be injected.\u003c/li\u003e\n\u003cli\u003eThe injected code is then executed by the hermes-agent application.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the injected code to gain unauthorized access to the system.\u003c/li\u003e\n\u003cli\u003eThe attacker may then escalate privileges, install malware, or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-10220 allows for remote code injection, potentially leading to complete system compromise. This could result in unauthorized data access, modification, or deletion, as well as the installation of malware and further propagation of attacks. The lack of vendor response exacerbates the risk, as no official patch or mitigation is available. Organizations using NousResearch hermes-agent are at significant risk until the vulnerability is addressed.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor network traffic for suspicious requests targeting the \u003ccode\u003e_serve_plugin_skill/skill_view\u003c/code\u003e function as a proactive measure.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect potential exploitation attempts against the vulnerable function.\u003c/li\u003e\n\u003cli\u003eConsider implementing input validation and sanitization measures within the \u003ccode\u003e_serve_plugin_skill/skill_view\u003c/code\u003e function if source code access is available, to mitigate the vulnerability.\u003c/li\u003e\n\u003cli\u003eMonitor for unexpected process execution originating from the hermes-agent application.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-01T04:17:54Z","date_published":"2026-06-01T04:17:54Z","id":"https://feed.craftedsignal.io/briefs/2026-06-cve-2026-10220/","summary":"A remote code injection vulnerability (CVE-2026-10220) exists in NousResearch hermes-agent versions up to 2026.4.30, affecting the _serve_plugin_skill/skill_view function in tools/skills_tool.py, potentially allowing attackers to inject arbitrary code.","title":"NousResearch hermes-agent Remote Code Injection Vulnerability (CVE-2026-10220)","url":"https://feed.craftedsignal.io/briefs/2026-06-cve-2026-10220/"}],"language":"en","title":"CraftedSignal Threat Feed — Hermes-Agent (\u003c= 2026.4.30)","version":"https://jsonfeed.org/version/1.1"}