Description
Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including conversation history, tool payloads, prompts, and per-route HMAC secrets.
Published: 2026-06-17
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Hermes Agent prior to version 0.16.0 creates the files response_store.db and webhook_subscriptions.json with world‑readable permissions (mode 0o644). This allows any local system user to read conversation histories, tool payloads, prompts, and per‑route HMAC secrets, compromising the confidentiality of the data processed by the agent.

Affected Systems

The vulnerability affects the NousResearch Hermes Agent product. Any deployment of Hermes Agent before version 0.16.0 is susceptible; specific releases such as v2026.6.5 are included. Users must verify whether their installation falls within this range and upgrade accordingly.

Risk and Exploitability

The CVSS score of 6.8 classifies the flaw as moderate severity. The EPSS score of less than 1% indicates a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Attackers require local filesystem access, so the likely scenario is a compromised or shared environment where a non‑privileged user could read the affected files. The flaw does not enable remote code execution, but it exposes sensitive data that could be leveraged downstream.

Generated by OpenCVE AI on June 18, 2026 at 19:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Hermes Agent to version 0.16.0 or later to eliminate the permission issue.
  • If an immediate upgrade is not possible, adjust the file permissions of response_store.db and webhook_subscriptions.json to 0o600 or otherwise remove world‑readable access after deployment.
  • Run the agent within an isolated container or dedicated user account with restricted filesystem permissions to reduce the impact of local read access.
  • Regularly audit the permissions of the store files to ensure they remain secure.

Generated by OpenCVE AI on June 18, 2026 at 19:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-99f9-j8r3-p853 Hermes Agent creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644)
History

Thu, 18 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Nousresearch
Nousresearch hermes-agent
Vendors & Products Nousresearch
Nousresearch hermes-agent

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including conversation history, tool payloads, prompts, and per-route HMAC secrets.
Title Hermes Agent < 0.16.0 - Sensitive File Permission Vulnerability in Store Files
Weaknesses CWE-276
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Subscriptions

Nousresearch Hermes-agent
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-17T18:39:35.273Z

Reserved: 2026-06-10T21:23:54.283Z

Link: CVE-2026-53870

cve-icon Vulnrichment

Updated: 2026-06-17T18:37:21.459Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T20:30:05Z

Weaknesses
  • CWE-276

    Incorrect Default Permissions