Product
An unauthenticated remote code execution vulnerability, CVE-2026-58123, exists in Hermes WebUI versions prior to 0.51.788, allowing remote attackers to execute arbitrary shell commands by accessing exposed terminal API endpoints without credentials, leading to full command execution as the server process user.