CVE-2026-55197
MediumCVSS 6.5Summary
Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles.
Risk Assessment
This vulnerability may lead to unauthorized access to sensitive information, posing privacy risks for users and potential legal consequences for the organization.
Recommendation
It is recommended to update Hermes WebUI to version 0.51.443 or later to mitigate this vulnerability. Additionally, conducting a security audit to identify and remediate other potential vulnerabilities is advisable.
Original NVD description (English source)
Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles via GET /api/session?session_id=<foreign_id>&messages=1 to retrieve unauthorized conversation transcripts and metadata.

