Impact
The vulnerability exists in Hermes Agent versions earlier than 0.16.0. It allows attackers to bypass the Host and Origin header checks on WebSocket upgrade requests to the /api/pty, /api/ws, /api/pub, and /api/events endpoints. Because the FastAPI HTTP middleware is not executed for these WebSocket upgrade requests, an attacker can use a DNS rebinding technique to send malicious commands to the agent or read terminal output, leading to remote code execution and compromising confidentiality and integrity of the affected system. The weakness is identified as CWE‑306: Missing Authentication for Critical Function.
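The check the paragraph describes has to run at the ASGI layer to see WebSocket handshakes at all. The following is an added example, not Hermes Agent's code or its 0.16.0 fix: a dependency-free ASGI guard that applies the same Host and Origin allowlist to both `http` and `websocket` scopes. The allowlist values, the port, and the names `HostOriginGuard`, `handshake_allowed` and `drive` are assumptions made for illustration.

```python
import asyncio
from urllib.parse import urlsplit

# Assumed allowlist for a loopback-only deployment (constructed values).
ALLOWED_HOSTS = {"127.0.0.1:8000", "localhost:8000"}

def handshake_allowed(scope, allowed=ALLOWED_HOSTS):
    """True if Host is allowlisted and Origin, when sent, names an allowlisted host."""
    headers = {k.lower(): v.decode("latin-1") for k, v in scope.get("headers", [])}
    if headers.get(b"host", "").lower() not in allowed:
        return False  # under DNS rebinding the browser still sends the rebound name as Host
    origin = headers.get(b"origin")
    # Policy assumption: a missing Origin means a non-browser client and is allowed.
    return origin is None or urlsplit(origin).netloc.lower() in allowed

class HostOriginGuard:
    """Pure ASGI middleware: it is invoked for 'websocket' scopes as well as 'http'."""
    def __init__(self, app, allowed=ALLOWED_HOSTS):
        self.app, self.allowed = app, allowed

    async def __call__(self, scope, receive, send):
        if scope["type"] not in ("http", "websocket") or handshake_allowed(scope, self.allowed):
            return await self.app(scope, receive, send)
        if scope["type"] == "websocket":
            # Closing before accept makes the server reject the upgrade with HTTP 403.
            await send({"type": "websocket.close", "code": 1008})
        else:
            await send({"type": "http.response.start", "status": 403, "headers": []})
            await send({"type": "http.response.body", "body": b"forbidden"})

async def _inner_app(scope, receive, send):
    # Stand-in for the real endpoint (hypothetical): accepts every WebSocket it is given.
    await send({"type": "websocket.accept"})

def drive(path, host, origin=None):
    """Send a constructed WebSocket upgrade through the guard; return emitted message types."""
    headers = [(b"host", host.encode())]
    if origin:
        headers.append((b"origin", origin.encode()))
    scope = {"type": "websocket", "path": path, "headers": headers}
    sent = []
    async def send(msg): sent.append(msg)
    async def receive(): return {"type": "websocket.connect"}
    asyncio.run(HostOriginGuard(_inner_app)(scope, receive, send))
    return [m["type"] for m in sent]

if __name__ == "__main__":
    print(drive("/api/pty", "127.0.0.1:8000", "http://127.0.0.1:8000"))
    print(drive("/api/pty", "rebind.example:8000", "http://rebind.example:8000"))
```

In a FastAPI application a guard of this shape is registered with `app.add_middleware(HostOriginGuard)`, which wraps the whole ASGI app rather than only the HTTP request path.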
Affected Systems
The affected software is Hermes Agent from NousResearch, in any deployment running a pre‑0.16.0 version. Users of the default WebSocket endpoints /api/pty, /api/ws, /api/pub, and /api/events are impacted, as the underlying middleware does not validate host or origin during the WebSocket handshake.
Risk and Exploitability
The CVSS score of 8.7 indicates high severity, but the EPSS score of less than 1 % suggests that the vulnerability is unlikely to be widely exploited at present. The attack requires remote network access to the Hermes Agent service and the ability to perform a DNS rebinding attack. While no publicly available exploit is listed and the vulnerability is not in KEV, anyone able to negotiate a WebSocket upgrade to the affected endpoints could deliver harmful payloads. Remediation by upgrading is the recommended path to eliminate the risk.