๐Ÿ” CVE Alert

CVE-2026-14783

MEDIUM 4.3

NousResearch hermes-agent skills_tool.py skill_view path traversal

CVSS Score
4.3
EPSS Score
0.3%
EPSS Percentile
25th

A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skill_view of the file tools/skills_tool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 56f833efa427ccb444c0f9ad1759af1012f2124d. It is advisable to implement a patch to correct this issue.

CWE CWE-22
Vendor nousresearch
Product hermes-agent
Published Jul 5, 2026
Last Updated Jul 6, 2026
Stay Ahead of the Next One

Get instant alerts for nousresearch hermes-agent

Be the first to know when new medium vulnerabilities affecting nousresearch hermes-agent are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

NousResearch / hermes-agent
2026.5.29.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/376373 vuldb.com: https://vuldb.com/vuln/376373/cti vuldb.com: https://vuldb.com/cve/CVE-2026-14783 vuldb.com: https://vuldb.com/submit/847502 github.com: https://github.com/NousResearch/hermes-agent/issues/38643 github.com: https://github.com/NousResearch/hermes-agent/pull/40566 github.com: https://github.com/NousResearch/hermes-agent/commit/56f833efa427ccb444c0f9ad1759af1012f2124d github.com: https://github.com/NousResearch/hermes-agent/

Credits

๐Ÿ” Eric-y (VulDB User)