NousResearch hermes-agent WeChat Work Platform Adapter wecom.py path traversal

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Basic Information

ID CVE-2026-7396

Source VulDB

Published Apr 29, 2026 at 17:30

Affected Product

Vendor NousResearch

Product hermes-agent

Version 0.8.0

Affected Versions NousResearch hermes-agent 0.8.0

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.",
    "published": "2026-04-29T17:30:15.387Z",
    "modified": "2026-04-29T17:30:15.387Z",
    "type": "cve",
    "title": "NousResearch hermes-agent WeChat Work Platform Adapter wecom.py path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360120\nhttps://vuldb.com/vuln/360120/cti\nhttps://vuldb.com/submit/803269\nhttps://github.com/NousResearch/hermes-agent/issues/8733\nhttps://github.com/bugmaker2/hermes-agent/issues/29\nhttps://github.com/NousResearch/hermes-agent/",
    "id": "CVE-2026-7396",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "NousResearch hermes-agent 0.8.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "hermes-agent",
    "version": "0.8.0",
    "vendor": "NousResearch",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

NousResearch hermes-agent WeChat Work Platform Adapter wecom.py path traversal_CVE-2026-7396