Skip to content
Threat Feed

Vendor

NousResearch

7 briefs RSS
high advisory

NousResearch hermes-agent <= 0.12.0 Code Injection Vulnerability (CVE-2026-10221)

NousResearch hermes-agent up to version 0.12.0 is vulnerable to code injection in the _compress_context function of the run_agent.py file, allowing remote exploitation.

hermes-agent injection code injection cve-2026-10221
2r 1t 1c
high threat

NousResearch hermes-agent Remote Code Injection Vulnerability (CVE-2026-10220)

A remote code injection vulnerability (CVE-2026-10220) exists in NousResearch hermes-agent versions up to 2026.4.30, affecting the _serve_plugin_skill/skill_view function in tools/skills_tool.py, potentially allowing attackers to inject arbitrary code.

exploited hermes-agent cve code-injection
2r 1t 1c
high advisory

NousResearch hermes-agent Sandbox Vulnerability (CVE-2026-9368)

A vulnerability in NousResearch hermes-agent up to version 2026.4.16 allows for remote exploitation of the execute_code function, leading to a sandbox escape.

hermes-agent sandbox-escape remote-code-execution cve
2r 1t 1c
high advisory

NousResearch hermes-agent OS Command Injection Vulnerability (CVE-2026-9367)

NousResearch hermes-agent up to version 5157f5427f19488b31c6fdebbacd15d798ce7f63 is vulnerable to OS command injection (CVE-2026-9367) in the `detect_dangerous_command` function allowing a remote attacker to execute arbitrary commands.

hermes-agent command-injection vulnerability cve
2r 1t 1c
high advisory

NousResearch hermes-agent Injection Vulnerability (CVE-2026-9366)

A remote injection vulnerability exists in NousResearch hermes-agent 2026.4.23 within the _scan_context_content function of the agent/prompt_builder.py file, allowing attackers to inject malicious code.

hermes-agent cve injection
2r 1t 1c
high advisory

NousResearch hermes-agent Remote Code Injection Vulnerability (CVE-2026-9353)

A remote code injection vulnerability (CVE-2026-9353) exists in NousResearch hermes-agent up to version 2026.4.23, allowing attackers to inject malicious code by manipulating the THREAT_PATTERNS argument in the Skills Guard Multi-Word Prompt Handler component.

hermes-agent cve code injection remote code execution web application
2r 1t 1c
high advisory

NousResearch hermes-agent Missing Authorization Vulnerability (CVE-2026-9350)

A missing authorization vulnerability (CVE-2026-9350) exists in NousResearch hermes-agent up to version 2026.4.16, affecting the `check_all_command_guards` function in `tools/approval.py` of the Batch Runner component, enabling remote attackers to bypass authorization checks.

hermes-agent cve authorization
2r 1t 1c