NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication_CVE-2026-7113

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument _INSECURE_NO_AUTH results in missing authentication. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitation is known to be difficult. The exploit has been made public and could be used. The project was informed of the problem early through a pull request but has not reacted yet.

Basic Information

ID CVE-2026-7113

Source VulDB

Published Apr 27, 2026 at 10:00

Affected Product

Vendor NousResearch

Product hermes-agent

Version 0.8.0

Affected Versions NousResearch hermes-agent 0.8.0

CWE Classification

CWE-306 CWE-287

References

{
    "lastseen": "",
    "description": "A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument _INSECURE_NO_AUTH results in missing authentication. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitation is known to be difficult. The exploit has been made public and could be used. The project was informed of the problem early through a pull request but has not reacted yet.",
    "published": "2026-04-27T10:00:17.997Z",
    "modified": "2026-04-27T10:00:17.997Z",
    "type": "cve",
    "title": "NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359713\nhttps://vuldb.com/vuln/359713/cti\nhttps://vuldb.com/submit/800802\nhttps://github.com/NousResearch/hermes-agent/issues/6440\nhttps://github.com/NousResearch/hermes-agent/pull/6445\nhttps://github.com/NousResearch/hermes-agent/",
    "id": "CVE-2026-7113",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306",
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "NousResearch hermes-agent 0.8.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "hermes-agent",
    "version": "0.8.0",
    "vendor": "NousResearch",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}