{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/hermes-agent/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-9367"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["hermes-agent"],"_cs_severities":["high"],"_cs_tags":["command-injection","vulnerability","cve"],"_cs_type":"advisory","_cs_vendors":["NousResearch"],"content_html":"\u003cp\u003eA vulnerability, identified as CVE-2026-9367, exists in NousResearch hermes-agent up to version 5157f5427f19488b31c6fdebbacd15d798ce7f63. The vulnerability resides within the \u003ccode\u003edetect_dangerous_command\u003c/code\u003e function located in the \u003ccode\u003etools/approval.py\u003c/code\u003e file of the \u003ccode\u003eterminal_tool\u003c/code\u003e component. This flaw enables a remote attacker to inject arbitrary operating system commands. Publicly available exploits exist, increasing the risk of exploitation. The vendor was notified about the vulnerability but has not responded. This vulnerability poses a significant risk to systems running vulnerable versions of hermes-agent, potentially allowing for complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of NousResearch hermes-agent running a version up to 5157f5427f19488b31c6fdebbacd15d798ce7f63.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious input designed to be processed by the \u003ccode\u003edetect_dangerous_command\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker sends this crafted input to the vulnerable \u003ccode\u003eterminal_tool\u003c/code\u003e component.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003edetect_dangerous_command\u003c/code\u003e function fails to properly sanitize the input, allowing the injection of OS commands.\u003c/li\u003e\n\u003cli\u003eThe injected OS command is executed by the system with the privileges of the hermes-agent process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the target system.\u003c/li\u003e\n\u003cli\u003eThe attacker may then install malware, exfiltrate sensitive data, or pivot to other systems within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-9367 allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system. This can lead to a complete compromise of the system, including the theft of sensitive information, installation of malware, and potential lateral movement within the network. Given the nature of the hermes-agent as an agent, this vulnerability could potentially expose numerous systems if successfully exploited.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply any available patches or updates provided by NousResearch to address CVE-2026-9367.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious commands being sent to systems running hermes-agent. Deploy the provided Sigma rule \u003ccode\u003eDetect Hermes-Agent Command Injection via detect_dangerous_command\u003c/code\u003e to identify command injection attempts.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures within the \u003ccode\u003edetect_dangerous_command\u003c/code\u003e function to prevent OS command injection.\u003c/li\u003e\n\u003cli\u003eReview and restrict the permissions of the hermes-agent process to minimize the impact of successful exploitation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T13:46:43Z","date_published":"2026-05-26T13:46:43Z","id":"https://feed.craftedsignal.io/briefs/2026-05-hermes-agent-command-injection/","summary":"NousResearch hermes-agent up to version 5157f5427f19488b31c6fdebbacd15d798ce7f63 is vulnerable to OS command injection (CVE-2026-9367) in the `detect_dangerous_command` function allowing a remote attacker to execute arbitrary commands.","title":"NousResearch hermes-agent OS Command Injection Vulnerability (CVE-2026-9367)","url":"https://feed.craftedsignal.io/briefs/2026-05-hermes-agent-command-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Hermes-Agent","version":"https://jsonfeed.org/version/1.1"}