CVE-2026-9353
HighSummary
A vulnerability has been detected in NousResearch hermes-agent up to version 2026.4.23, affecting an unknown function in the file agent/skills_guard.py of the Skills Guard Multi-Word Prompt Handler component. Manipulation of the argument THREAT_PATTERNS leads to injection.
Risk Assessment
Remote exploitation of this vulnerability is possible, posing a serious threat to system security. The public disclosure of the exploit increases the risk of attacks.
Recommendation
It is recommended to update to the latest version of hermes-agent to eliminate this vulnerability. Additionally, monitor systems for potential exploitation attempts.
Original NVD description (English source)
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skills_guard.py of the component Skills Guard Multi-Word Prompt Handler. The manipulation of the argument THREAT_PATTERNS leads to injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

