Vendor
NousResearch hermes-agent Sandbox Vulnerability (CVE-2026-9368)
2 rules 1 TTP 1 CVEA vulnerability in NousResearch hermes-agent up to version 2026.4.16 allows for remote exploitation of the execute_code function, leading to a sandbox escape.
NousResearch hermes-agent OS Command Injection Vulnerability (CVE-2026-9367)
2 rules 1 TTP 1 CVENousResearch hermes-agent up to version 5157f5427f19488b31c6fdebbacd15d798ce7f63 is vulnerable to OS command injection (CVE-2026-9367) in the `detect_dangerous_command` function allowing a remote attacker to execute arbitrary commands.
NousResearch hermes-agent Injection Vulnerability (CVE-2026-9366)
2 rules 1 TTP 1 CVEA remote injection vulnerability exists in NousResearch hermes-agent 2026.4.23 within the _scan_context_content function of the agent/prompt_builder.py file, allowing attackers to inject malicious code.
NousResearch hermes-agent Remote Code Injection Vulnerability (CVE-2026-9353)
2 rules 1 TTP 1 CVEA remote code injection vulnerability (CVE-2026-9353) exists in NousResearch hermes-agent up to version 2026.4.23, allowing attackers to inject malicious code by manipulating the THREAT_PATTERNS argument in the Skills Guard Multi-Word Prompt Handler component.
NousResearch hermes-agent Missing Authorization Vulnerability (CVE-2026-9350)
2 rules 1 TTP 1 CVEA missing authorization vulnerability (CVE-2026-9350) exists in NousResearch hermes-agent up to version 2026.4.16, affecting the `check_all_command_guards` function in `tools/approval.py` of the Batch Runner component, enabling remote attackers to bypass authorization checks.