CVE Catalog

CVE-2026-9350

High
Published: Translated: NVD NIST

Summary

A vulnerability was identified in NousResearch hermes-agent up to version 2026.4.16, affecting the function check_all_command_guards in the file tools/approval.py of the Batch Runner component. Manipulation of this function leads to missing authorization.

Risk Assessment

The attack can be launched remotely, and publicly available exploits increase the risk of this vulnerability being exploited.

Recommendation

It is recommended to update to the latest version of hermes-agent to mitigate this vulnerability and to monitor systems for unauthorized activities.

Original NVD description (English source)

A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS