Hermes-Agent (<= 2026.4.30) — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/products/hermes-agent--2026.4.30/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 01 Jun 2026 04:17:54 +0000NousResearch hermes-agent Remote Code Injection Vulnerability (CVE-2026-10220)https://feed.craftedsignal.io/briefs/2026-06-cve-2026-10220/Mon, 01 Jun 2026 04:17:54 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-06-cve-2026-10220/A remote code injection vulnerability (CVE-2026-10220) exists in NousResearch hermes-agent versions up to 2026.4.30, affecting the _serve_plugin_skill/skill_view function in tools/skills_tool.py, potentially allowing attackers to inject arbitrary code.A remote code injection vulnerability, CVE-2026-10220, affects NousResearch hermes-agent up to version 2026.4.30. The vulnerability resides within the _serve_plugin_skill/skill_view function of the tools/skills_tool.py file. Exploitation of this flaw could enable a remote attacker to inject arbitrary code into the application. The exploit has been publicly disclosed, increasing the risk of active exploitation. The vendor was contacted but did not respond. This vulnerability poses a significant risk to systems running affected versions of hermes-agent, potentially leading to unauthorized access, data breaches, or complete system compromise.

Attack Chain

  1. An attacker identifies a vulnerable hermes-agent instance running a version prior to 2026.4.30.
  2. The attacker crafts a malicious request targeting the _serve_plugin_skill/skill_view function within tools/skills_tool.py.
  3. This request includes specially crafted input designed to exploit the code injection vulnerability.
  4. The vulnerable function fails to properly sanitize the input, allowing the attacker’s code to be injected.
  5. The injected code is then executed by the hermes-agent application.
  6. The attacker leverages the injected code to gain unauthorized access to the system.
  7. The attacker may then escalate privileges, install malware, or exfiltrate sensitive data.

Impact

Successful exploitation of CVE-2026-10220 allows for remote code injection, potentially leading to complete system compromise. This could result in unauthorized data access, modification, or deletion, as well as the installation of malware and further propagation of attacks. The lack of vendor response exacerbates the risk, as no official patch or mitigation is available. Organizations using NousResearch hermes-agent are at significant risk until the vulnerability is addressed.

Recommendation

  • Monitor network traffic for suspicious requests targeting the _serve_plugin_skill/skill_view function as a proactive measure.
  • Deploy the Sigma rule provided below to detect potential exploitation attempts against the vulnerable function.
  • Consider implementing input validation and sanitization measures within the _serve_plugin_skill/skill_view function if source code access is available, to mitigate the vulnerability.
  • Monitor for unexpected process execution originating from the hermes-agent application.
]]>highthreatcvecode-injectionhermes-agent