CVE-2026-7397 - Vulnerability Details

- NousResearch hermes-agent file_tools.py _check_sensitive_path symlink

Description

A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function _check_sensitive_path of the file tools/file_tools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.9.0 is able to mitigate this issue. The patch is identified as 311dac197145e19e07df68feba2cd55d896a3cd1. Upgrading the affected component is recommended.

Published: 2026-04-29

Score: 4.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in hermes-agent's _check_sensitive_path allows a local attacker to create a symbolic link that points to a protected file or directory, causing the agent to follow the link and read or write the target. The vulnerability matches CWE‑59 and CWE‑61. If the agent runs with elevated privileges, an attacker can read, modify or delete arbitrary files, leading to data disclosure, integrity compromise, or local privilege escalation.

Affected Systems

The vulnerability affects NousResearch hermes-agent version 0.8.0, specifically the file_tools.py module. No earlier versions are explicitly mentioned, but versions before 0.9.0 are presumed affected until patched. The vendor is NousResearch and the product is hermes-agent.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity, and no EPSS score is available. The vulnerability is not listed in the CISA KEV catalogue, so no known active exploitation is reported. The exploit requires local access. If the agent runs with privileged rights, the flaw could allow local privilege escalation or unrestricted file system access. Mitigation is most effective by applying the vendor’s patch.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NousResearch

hermes-agent

affected

Version	Status	Constraints
`0.8.0`	affected	—
`0.9.0`	unaffected	—

No data.

Vendor Product Confidence Versions

Nousresearch

Hermes-agent

100%

Version	Status	Scheme	Platform
`0.8.0`	affected	semver	—
`0.9.0`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade hermes-agent to version 0.9.0 or later to apply the vendor-supplied fix.
Limit the filesystem permissions available to the hermes-agent process, ensuring it cannot read or modify sensitive directories.
Run the hermes-agent with the least privilege required, so that even if a symlink is followed, the attacker’s impact is limited.

Generated by OpenCVE AI on April 30, 2026 at 13:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00028.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/NousResearch/hermes-agent/
https://github.com/NousResearch/hermes-agent/commit/311dac197145e19e07df68feba2cd55d896a3cd1
https://github.com/NousResearch/hermes-agent/issues/8734
https://github.com/NousResearch/hermes-agent/pull/8829
https://github.com/NousResearch/hermes-agent/releases/tag/v2026.4.13
https://vuldb.com/submit/803270
https://vuldb.com/vuln/360121
https://vuldb.com/vuln/360121/cti

History

Thu, 30 Apr 2026 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 29 Apr 2026 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nousresearch Nousresearch hermes-agent
Vendors & Products		Nousresearch Nousresearch hermes-agent

Wed, 29 Apr 2026 18:30:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function _check_sensitive_path of the file tools/file_tools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.9.0 is able to mitigate this issue. The patch is identified as 311dac197145e19e07df68feba2cd55d896a3cd1. Upgrading the affected component is recommended.
Title		NousResearch hermes-agent file_tools.py _check_sensitive_path symlink
Weaknesses		CWE-59 CWE-61
References		https://github.com/NousResearch/hermes-agent/ https://github.com/NousResearch/hermes-agent/commit/311dac197145e19e07df68feba2cd55d896a3cd1 https://github.com/NousResearch/hermes-agent/issues/8734 https://github.com/NousResearch/hermes-agent/pull/8829 https://github.com/NousResearch/hermes-agent/releases/tag/v2026.4.13 https://vuldb.com/submit/803270 https://vuldb.com/vuln/360121 https://vuldb.com/vuln/360121/cti
Metrics		cvssV2_0 `{'score': 3.2, 'vector': 'AV:L/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C'}` cvssV3_0 `{'score': 4.4, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C'}` cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Nousresearch Hermes-agent

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-29T18:00:21.731Z

Updated: 2026-04-30T12:47:09.658Z

Reserved: 2026-04-29T10:44:13.710Z

Link: CVE-2026-7397

Vulnrichment

Updated: 2026-04-30T12:47:03.549Z

NVD

Status : Deferred

Published: 2026-04-29T19:16:26.150

Modified: 2026-04-29T21:16:21.590

Link: CVE-2026-7397

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T14:00:22Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object