Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys and other sensitive secrets from one profile context in another profile, breaking expected security isolation between profiles.

Basic Information

ID CVE-2026-6830

Source VulnCheck

Published Apr 21, 2026 at 21:33

Affected Product

Vendor nesquena

Product hermes-webui

Affected Versions nesquena hermes-webui 0

CWE Classification

CWE-668 CWE-459

References

{
    "lastseen": "",
    "description": "nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys and other sensitive secrets from one profile context in another profile, breaking expected security isolation between profiles.",
    "published": "2026-04-21T21:33:28.985Z",
    "modified": "2026-04-21T21:33:36.356Z",
    "type": "cve",
    "title": "Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch",
    "source": "VulnCheck",
    "references": "https://github.com/nesquena/hermes-webui/commit/88dc8bbe26a6055161d3251b70f5cd3d3c5831b0\nhttps://github.com/nesquena/hermes-webui/pull/351\nhttps://github.com/nesquena/hermes-webui/releases/tag/v0.50.132\nhttps://github.com/nesquena/hermes-webui/releases/tag/v0.50.12\nhttps://www.vulncheck.com/advisories/nesquena-hermes-webui-environment-variable-credential-leakage-via-profile-switch",
    "id": "CVE-2026-6830",
    "bulletinFamily": "",
    "cwe": [
        "CWE-668",
        "CWE-459"
    ],
    "cvelist": null,
    "sourceData": "nesquena hermes-webui 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "hermes-webui",
    "version": "0",
    "vendor": "nesquena",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch_CVE-2026-6830