Attack Chain

1. The attacker identifies a vulnerable instance of NousResearch hermes-agent running a version up to 5157f5427f19488b31c6fdebbacd15d798ce7f63.
2. The attacker crafts a malicious input designed to be processed by the detect_dangerous_command function.
3. The attacker sends this crafted input to the vulnerable terminal_tool component.
4. The detect_dangerous_command function fails to properly sanitize the input, allowing the injection of OS commands.
5. The injected OS command is executed by the system with the privileges of the hermes-agent process.
6. The attacker gains arbitrary code execution on the target system.
7. The attacker may then install malware, exfiltrate sensitive data, or pivot to other systems within the network.

Impact

Successful exploitation of CVE-2026-9367 allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system. This can lead to a complete compromise of the system, including the theft of sensitive information, installation of malware, and potential lateral movement within the network. Given the nature of the hermes-agent as an agent, this vulnerability could potentially expose numerous systems if successfully exploited.

Recommendation

• Apply any available patches or updates provided by NousResearch to address CVE-2026-9367.
• Monitor network traffic for suspicious commands being sent to systems running hermes-agent. Deploy the provided Sigma rule Detect Hermes-Agent Command Injection via detect_dangerous_command to identify command injection attempts.
• Implement input validation and sanitization measures within the detect_dangerous_command function to prevent OS command injection.
• Review and restrict the permissions of the hermes-agent process to minimize the impact of successful exploitation.