CVE Catalog

CVE-2026-9368

High
Published: Translated: NVD NIST

Summary

A vulnerability was identified in NousResearch hermes-agent up to version 2026.4.16, impacting the execute_code function in the tools/code_execution_tool.py file of the Environment Variable Handler component. This manipulation leads to a sandbox issue, allowing for remote attack.

Risk Assessment

This vulnerability poses a risk of remote attack, potentially leading to unauthorized access to the system. The publicly available exploit increases the likelihood of this vulnerability being exploited.

Recommendation

It is recommended to update to the latest version of NousResearch hermes-agent to mitigate this vulnerability. Additionally, monitoring systems for unauthorized activities is advised.

Original NVD description (English source)

A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Handler. Such manipulation leads to sandbox issue. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS