CVE-2026-14783
NousResearch hermes-agent skills_tool.py skill_view path traversal
CVSS Score
4.3
EPSS Score
0.3%
EPSS Percentile
25th
A vulnerability was determined in NousResearch hermes-agent 2026.5.29.2. The impacted element is the function skill_view of the file tools/skills_tool.py. Executing a manipulation of the argument Name can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 56f833efa427ccb444c0f9ad1759af1012f2124d. It is advisable to implement a patch to correct this issue.
| CWE | CWE-22 |
| Vendor | nousresearch |
| Product | hermes-agent |
| Published | Jul 5, 2026 |
| Last Updated | Jul 6, 2026 |
Stay Ahead of the Next One
Get instant alerts for nousresearch hermes-agent
Be the first to know when new medium vulnerabilities affecting nousresearch hermes-agent are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
NousResearch / hermes-agent
2026.5.29.2
References
vuldb.com: https://vuldb.com/vuln/376373 vuldb.com: https://vuldb.com/vuln/376373/cti vuldb.com: https://vuldb.com/cve/CVE-2026-14783 vuldb.com: https://vuldb.com/submit/847502 github.com: https://github.com/NousResearch/hermes-agent/issues/38643 github.com: https://github.com/NousResearch/hermes-agent/pull/40566 github.com: https://github.com/NousResearch/hermes-agent/commit/56f833efa427ccb444c0f9ad1759af1012f2124d github.com: https://github.com/NousResearch/hermes-agent/
Credits
๐ Eric-y (VulDB User)