CVE-2026-9350

HIGH NVD

CVSS Score 7.3

Severity HIGH

Published May 24, 2026

Vendor unknown

Description

A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

https://gist.github.com/YLChen-007/22cada4c9060f5123dde6185135ae3ab
https://vuldb.com/submit/812213
https://vuldb.com/vuln/365313
https://vuldb.com/vuln/365313/cti