CVE-2026-11461
6.3 MEDIUM
A vulnerability has been found in NousResearch hermes-agent up to 0.12.0
Published: 2026-06-07 · Last updated: 2026-06-09
Severity and scoring
- CVSS: 6.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE: CWE-285, CWE-639
Description
A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. It affects the function resolve_session_by_title in the file hermes_state.py, part of the resume endpoint component. Manipulating the Title argument leads to an authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-11461
- [Other] https://gist.github.com/YLChen-007/7951b3dc39193fb675914cc5d8b672fa
- [Other] https://gist.github.com/YLChen-007/c2d162e9c8d39584223683cdcba98607
- [Other] https://vuldb.com/cve/CVE-2026-11461
- [Other] https://vuldb.com/submit/829402
- [Other] https://vuldb.com/vuln/369081
- [Other] https://vuldb.com/vuln/369081/cti
Related CVEs
Same CWE
- CVE-2026-47342 — A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue...
- CVE-2026-46668 — SpiceDB is an open source database system for creating and managing security-critical application permissions
- CVE-2026-44692 — Sharp is a content management framework built for Laravel as a package (7.7 HIGH)
- CVE-2026-46558 — Plane is an open-source project management tool (8.3 HIGH)
- CVE-2026-53471 — A flaw was found in migration-planner (9.6 CRITICAL)