CVE-2026-14625
MediumCVSS 6.3Summary
A security vulnerability has been discovered in NousResearch hermes-agent up to version 0.15.2, specifically in the shell.exec function within tui_gateway/server.py. The issue involves a protection mechanism failure, allowing remote exploitation. The exploit has been publicly released and may be used in attacks.
Risk Assessment
The organization is at risk of remote code execution or unauthorized command execution, potentially leading to data breaches, service disruption, or further compromise of internal network resources.
Recommendation
Immediately update the hermes-agent library to a version newer than 0.15.2 if available, or apply temporary mitigations such as restricting access to the TUI Gateway interface and monitoring logs for suspicious activity.
Original NVD description (English source)
A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui_gateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

