https://feed.craftedsignal.io/tags/hermes-agent/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 26 May 2026 13:46:26 +0000https://feed.craftedsignal.io/briefs/2026-05-nousresearch-injection/Tue, 26 May 2026 13:46:26 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-nousresearch-injection/A remote injection vulnerability exists in NousResearch hermes-agent 2026.4.23 within the _scan_context_content function of the agent/prompt_builder.py file, allowing attackers to inject malicious code.A vulnerability, identified as CVE-2026-9366, has been discovered in NousResearch hermes-agent version 2026.4.23. This injection vulnerability resides within the _scan_context_content function located in the agent/prompt_builder.py file. The vulnerability can be exploited remotely, and publicly available exploits exist. The vendor was contacted about the disclosure but did not respond. This vulnerability matters because it allows attackers to inject malicious code into the application potentially leading to arbitrary code execution.

Attack Chain

1. Attacker identifies a vulnerable instance of NousResearch hermes-agent running version 2026.4.23.
2. Attacker crafts a malicious input string designed to exploit the injection vulnerability in the _scan_context_content function.
3. Attacker sends the crafted input to the vulnerable function, potentially through a network request or API call.
4. The _scan_context_content function fails to properly neutralize special elements within the input, leading to code injection.
5. The injected code is executed within the context of the hermes-agent application.
6. The attacker gains control over parts of the application.
7. The attacker escalates privileges within the application.
8. The attacker achieves arbitrary code execution on the server.

Impact

Successful exploitation of CVE-2026-9366 can allow an attacker to execute arbitrary code on the server running NousResearch hermes-agent. The affected version is 2026.4.23. Given the nature of injection vulnerabilities, it’s plausible that attackers could leverage this to gain full control over the system, potentially leading to data breaches, service disruption, or further lateral movement within the network.

Recommendation

• Upgrade NousResearch hermes-agent to a patched version that addresses CVE-2026-9366 (no version available).
• Implement input validation and sanitization for the _scan_context_content function in agent/prompt_builder.py to prevent injection attacks.
• Monitor network traffic for suspicious patterns and payloads targeting the hermes-agent application.
• Deploy the Sigma rules provided below to your SIEM to detect potential exploitation attempts of CVE-2026-9366.
• Enable and review application logs for anomalies related to the _scan_context_content function.

]]>highadvisorycveinjectionhermes-agenthttps://feed.craftedsignal.io/briefs/2026-05-cve-2026-9350-hermes-agent-auth-bypass/Tue, 26 May 2026 13:44:22 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-cve-2026-9350-hermes-agent-auth-bypass/A missing authorization vulnerability (CVE-2026-9350) exists in NousResearch hermes-agent up to version 2026.4.16, affecting the `check_all_command_guards` function in `tools/approval.py` of the Batch Runner component, enabling remote attackers to bypass authorization checks.A missing authorization vulnerability, identified as CVE-2026-9350, affects NousResearch hermes-agent up to version 2026.4.16. The flaw resides within the check_all_command_guards function in the tools/approval.py file, a part of the Batch Runner component. Successful exploitation of this vulnerability allows remote attackers to bypass authorization checks, potentially leading to unauthorized command execution or data access. Publicly available exploit code exists, increasing the risk of exploitation. The vendor was notified but has not responded. This vulnerability was published on 2026-05-24.

Attack Chain

1. Attacker identifies a vulnerable hermes-agent instance running a version prior to 2026.4.16.
2. The attacker crafts a malicious request targeting the Batch Runner component.
3. The request is designed to invoke functionality that relies on the check_all_command_guards function.
4. Due to the missing authorization check, the attacker bypasses the intended access controls.
5. The attacker executes unauthorized commands or accesses restricted data within the Batch Runner component.
6. The attacker leverages the unauthorized access to escalate privileges or gain further control over the system.
7. The attacker may install malware, exfiltrate sensitive data, or disrupt services.

Impact

Successful exploitation of CVE-2026-9350 can lead to unauthorized access to sensitive data, execution of arbitrary commands, and potential system compromise. This can result in data breaches, service disruption, and reputational damage. The fact that the exploit is publicly available increases the likelihood of widespread exploitation.

Recommendation

• Upgrade NousResearch hermes-agent to a version later than 2026.4.16 to remediate CVE-2026-9350.
• Monitor network traffic for suspicious requests targeting the Batch Runner component of hermes-agent using the “Detect Suspicious Hermes-Agent Batch Runner Requests” Sigma rule.
• Deploy the “Detect Unauthorized Command Execution via Hermes-Agent” Sigma rule to identify potential exploitation attempts.

]]>highadvisorycveauthorizationhermes-agent