CVE-2026-6830
Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch
| CVSS Score | 3.3 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys and other sensitive secrets from one profile context in another profile, breaking expected security isolation between profiles.
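The additive reload described above, next to a switch that clears the previous profile's keys first. This is an added Python illustration, not hermes-webui code and not necessarily the change made in PR #351; the profile names, variable names and values are constructed placeholders.

```python
"""Additive vs. isolating profile switch (illustration only)."""

# Constructed sample profiles: "work" defines a provider key, "personal" does not.
PROFILES = {
    "work": "OPENAI_API_KEY=sk-work-PLACEHOLDER\nHERMES_MODEL=gpt-work\n",
    "personal": "# no provider key here\nHERMES_MODEL=local-model\n",
}


def parse_dotenv(text):
    """Minimal KEY=VALUE parser: skips blanks and comments, strips quotes."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        pairs[key.strip()] = value.strip().strip("'\"")
    return pairs


def switch_additive(env, profile):
    """Vulnerable pattern: new values are layered over whatever is already set."""
    env.update(parse_dotenv(PROFILES[profile]))


class IsolatingSwitcher:
    """Hardened pattern: track the keys the active profile set and drop them first."""

    def __init__(self, env):
        self.env = env
        self.loaded_keys = set()

    def switch(self, profile):
        for key in self.loaded_keys:      # clear the outgoing profile's variables
            self.env.pop(key, None)
        pairs = parse_dotenv(PROFILES[profile])
        self.env.update(pairs)
        self.loaded_keys = set(pairs)     # remember what to clear next time


def leaked_keys(env, profile, baseline=()):
    """Isolation check: keys in env that neither the baseline nor the profile defined."""
    return sorted(set(env) - set(baseline) - set(parse_dotenv(PROFILES[profile])))
```

Running `leaked_keys` after each switch works as a regression check: any non-empty result means a variable from an earlier profile is still visible in the active one.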
| CWE | CWE-668 CWE-459 |
| Vendor | nesquena |
| Product | hermes-webui |
| Published | Apr 21, 2026 |
| Last Updated | Apr 21, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | None |
| Availability | None |
Affected Versions
nesquena / hermes-webui
0 < PR #351
References
github.com: https://github.com/nesquena/hermes-webui/commit/88dc8bbe26a6055161d3251b70f5cd3d3c5831b0
github.com: https://github.com/nesquena/hermes-webui/pull/351
github.com: https://github.com/nesquena/hermes-webui/releases/tag/v0.50.132
github.com: https://github.com/nesquena/hermes-webui/releases/tag/v0.50.12
vulncheck.com: https://www.vulncheck.com/advisories/nesquena-hermes-webui-environment-variable-credential-leakage-via-profile-switch
Credits
Chia Min Jun Lennon