Attack Chain

1. Attacker identifies a vulnerable instance of NousResearch hermes-agent running version 2026.4.23.
2. Attacker crafts a malicious input string designed to exploit the injection vulnerability in the _scan_context_content function.
3. Attacker sends the crafted input to the vulnerable function, potentially through a network request or API call.
4. The _scan_context_content function fails to properly neutralize special elements within the input, leading to code injection.
5. The injected code is executed within the context of the hermes-agent application.
6. The attacker gains control over parts of the application.
7. The attacker escalates privileges within the application.
8. The attacker achieves arbitrary code execution on the server.

Impact

Successful exploitation of CVE-2026-9366 can allow an attacker to execute arbitrary code on the server running NousResearch hermes-agent. The affected version is 2026.4.23. Given the nature of injection vulnerabilities, it’s plausible that attackers could leverage this to gain full control over the system, potentially leading to data breaches, service disruption, or further lateral movement within the network.

Recommendation

• Upgrade NousResearch hermes-agent to a patched version that addresses CVE-2026-9366 (no version available).
• Implement input validation and sanitization for the _scan_context_content function in agent/prompt_builder.py to prevent injection attacks.
• Monitor network traffic for suspicious patterns and payloads targeting the hermes-agent application.
• Deploy the Sigma rules provided below to your SIEM to detect potential exploitation attempts of CVE-2026-9366.
• Enable and review application logs for anomalies related to the _scan_context_content function.