CVE-2026-10220 - Vulnerability Details

- NousResearch hermes-agent skills_tool.py skill_view injection

Description

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-06-01

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the _serve_plugin_skill/skill_view function located in tools/skills_tool.py of NousResearch Hermes Agent allows an attacker to manipulate input data in a way that causes injection of arbitrary code or commands. This vulnerability can be leveraged from a remote location, giving the attacker the ability to execute unintended instructions within the agent’s runtime environment. The resulting impact is the potential compromise of system confidentiality, integrity, or availability, as the injected payload could modify agent behavior or exfiltrate sensitive data.

Affected Systems

Any deployment of NousResearch Hermes Agent up to and including version 2026.4.30 is potentially affected. The vulnerability is not present in later releases, but without a confirmed patch timeline the only known mitigation is to upgrade beyond the stated version or otherwise remove the exposed function.

Risk and Exploitability

The CVSS base score of 6.9 reflects a moderate severity, combined with a publicly disclosed exploit that may be available in the wild. Although the EPSS score is not published, the lack of a KEV listing suggests the vulnerability has not yet escalated to a high priority attack surface, yet the remote injection capability warrants prompt attention. Attackers would need to reach the agent’s endpoint and submit crafted input; if successful, they could gain code execution privileges on the host running the agent.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NousResearch

hermes-agent

affected

Version	Status	Constraints
`2026.4.0`	affected	—
`2026.4.1`	affected	—
`2026.4.2`	affected	—
`2026.4.3`	affected	—
`2026.4.4`	affected	—
`2026.4.5`	affected	—
`2026.4.6`	affected	—
`2026.4.7`	affected	—
`2026.4.8`	affected	—
`2026.4.9`	affected	—
`2026.4.10`	affected	—
`2026.4.11`	affected	—
`2026.4.12`	affected	—
`2026.4.13`	affected	—
`2026.4.14`	affected	—
`2026.4.15`	affected	—
`2026.4.16`	affected	—
`2026.4.17`	affected	—
`2026.4.18`	affected	—
`2026.4.19`	affected	—
`2026.4.20`	affected	—
`2026.4.21`	affected	—
`2026.4.22`	affected	—
`2026.4.23`	affected	—
`2026.4.24`	affected	—
`2026.4.25`	affected	—
`2026.4.26`	affected	—
`2026.4.27`	affected	—
`2026.4.28`	affected	—
`2026.4.29`	affected	—
`2026.4.30`	affected	—

No data.

Vendor Product Confidence Versions

Nousresearch

Hermes-agent

95%

Version	Status	Scheme	Platform
`[2026.4.0,2026.4.30]`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Hermes Agent to a version released after 2026.4.30 where _serve_plugin_skill/skill_view is fixed
If an upgrade cannot be performed immediately, limit exposure by disabling or firewalling the endpoint that provides skill_view or by enforcing strict access controls to trusted hosts only
Validate and sanitize all input parameters to skill_view, ensuring that no untrusted data can be interpreted as executable code or commands, in line with CWE-74 mitigation best practices

Generated by OpenCVE AI on June 1, 2026 at 05:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://gist.github.com/YLChen-007/9dd399c6f75b31fa741a613dfd41de08
https://vuldb.com/cve/CVE-2026-10220
https://vuldb.com/submit/822018
https://vuldb.com/vuln/367499
https://vuldb.com/vuln/367499/cti

History

Mon, 01 Jun 2026 04:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title		NousResearch hermes-agent skills_tool.py skill_view injection
First Time appeared		Nousresearch Nousresearch hermes-agent
Weaknesses		CWE-707 CWE-74
CPEs		cpe:2.3:a:nousresearch:hermes-agent::::::::
Vendors & Products		Nousresearch Nousresearch hermes-agent
References		https://gist.github.com/YLChen-007/9dd399c6f75b31fa741a613dfd41de08 https://vuldb.com/cve/CVE-2026-10220 https://vuldb.com/submit/822018 https://vuldb.com/vuln/367499 https://vuldb.com/vuln/367499/cti
Metrics		cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Nousresearch Hermes-agent

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-06-01T03:30:09.923Z

Updated: 2026-06-01T03:30:09.923Z

Reserved: 2026-05-31T07:51:21.351Z

Link: CVE-2026-10220

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-01T04:16:21.260

Modified: 2026-06-01T04:16:21.260

Link: CVE-2026-10220

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T06:30:21Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object