CVE-2026-7396

Description

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

References

• https://github.com/NousResearch/hermes-agent/
• https://github.com/NousResearch/hermes-agent/issues/8733
• https://github.com/bugmaker2/hermes-agent/issues/29
• https://vuldb.com/submit/803269
• https://vuldb.com/vuln/360120