Description
A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-24
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the _scan_context_content function of the hermes-agent prompt_builder.py module. A manipulated request can trigger an injection payload that is executed by the agent. This flaw allows an attacker to inject arbitrary commands or code and gain control over the execution environment, potentially compromising confidentiality, integrity, and availability of the target system. The description indicates that the attack vector is remote and that the exploit has already been published.

Affected Systems

The affected vendor is NousResearch, specifically the hermes-agent product, version 2026.4.23. The CPE identifier for the affected component is cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*. No other affected versions or products were identified in the current data set.

Risk and Exploitability

The flaw carries a CVSS score of 6.9, reflecting a moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited in the wild. However, because the exploit code is publicly available and the attack can be performed from a remote location, the risk to exposed systems remains significant. An attacker would need network access to the agent’s exposed endpoint, but no local privilege escalation or authentication is required according to the description.

Generated by OpenCVE AI on May 24, 2026 at 10:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Contact NousResearch to request an official fix or temporary guidance.
  • Restrict or block remote access to the hermes-agent _scan_context_content endpoint until a patch is applied.
  • Implement strict input validation or sanitization on any data passed to the _scan_context_content function to prevent injection.
  • Consider applying network segmentation or firewall rules to isolate the agent from external traffic.

Advisories

No advisories yet.

History

Sun, 24 May 2026 09:15:00 +0000

Values Removed: (none)
Values Added:

  • Description: A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
  • Title: NousResearch hermes-agent prompt_builder.py _scan_context_content injection
  • First Time appeared: Nousresearch; Nousresearch hermes-agent
  • Weaknesses: CWE-707, CWE-74
  • CPEs: cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
  • Vendors & Products: Nousresearch; Nousresearch hermes-agent
  • References:
  • Metrics:
      cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-24T08:15:09.911Z

Reserved: 2026-05-23T10:33:09.869Z

Link: CVE-2026-9366

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-24T10:30:15Z

Weaknesses