Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to retrieve session titles and transcript message content from profiles other than their own active profile.

Basic Information

ID CVE-2026-49956

Source VulnCheck

Published Jun 9, 2026 at 16:10

Affected Product

Vendor nesquena

Product hermes-webui

Affected Versions nesquena hermes-webui 0

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to retrieve session titles and transcript message content from profiles other than their own active profile.",
    "published": "2026-06-09T16:10:33.904Z",
    "modified": "2026-06-09T16:10:33.904Z",
    "type": "cve",
    "title": "Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search",
    "source": "VulnCheck",
    "references": "https://github.com/nesquena/hermes-webui/releases/tag/v0.51.269\nhttps://github.com/nesquena/hermes-webui/pull/3646\nhttps://github.com/nesquena/hermes-webui/pull/3672\nhttps://github.com/nesquena/hermes-webui/commit/2c7b530071bb29ae4184e83e33be5799d529568e\nhttps://www.vulncheck.com/advisories/hermes-webui-profile-isolation-bypass-via-sessions-search",
    "id": "CVE-2026-49956",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "nesquena hermes-webui 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "hermes-webui",
    "version": "0",
    "vendor": "nesquena",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search_CVE-2026-49956