CVE-2026-9366
HighSummary
A vulnerability was found in NousResearch hermes-agent version 2026.4.23, concerning the function _scan_context_content in the file agent/prompt_builder.py. The manipulation results in injection that can be performed remotely.
Risk Assessment
An attacker could exploit this vulnerability for remote injection of malicious code, posing a serious security threat to the system.
Recommendation
It is recommended to update to the latest version of hermes-agent to mitigate this vulnerability and to monitor the system for unauthorized activities.
Original NVD description (English source)
A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

