Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-55196
PUBLISHED
More InfoOfficial Page
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
View Known Exploited Vulnerability (KEV) details
Published At-17 Jun, 2026 | 17:58
Updated At-23 Jun, 2026 | 16:16
Rejected At-
▼CVE Numbering Authority (CNA)
Hermes WebUI < 0.51.409 - Unauthenticated Passkey Registration via Authentication Bypass

Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote attackers to register arbitrary passkeys. When HERMES_WEBUI_PASSKEY=1 is enabled with no existing credentials, POST /api/auth/passkey/register/options and POST /api/auth/passkey/register endpoints are accessible without authentication, allowing attackers to claim the first passkey and gain permanent administrative control.

Affected Products
Vendor
hermes-webui
Product
hermes-webui
Repo
https://github.com/nesquena/hermes-webui
Default Status
unaffected
Versions
Affected
  • From 0 before 0.51.409 (semver)
Unaffected
  • 0.51.409 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-306Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
4.09.1CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 4.0
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Chia Min Jun Lennon
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/nesquena/hermes-webui/releases/tag/v0.51.442
release-notes
https://github.com/nesquena/hermes-webui/pull/4171
issue-tracking
https://github.com/nesquena/hermes-webui/pull/4267
issue-tracking
https://github.com/nesquena/hermes-webui/commit/4d90577e25d5537cb07290eca3fb8abff3bab316
patch
https://www.vulncheck.com/advisories/hermes-webui-unauthenticated-passkey-registration-via-authentication-bypass
third-party-advisory
Hyperlink: https://github.com/nesquena/hermes-webui/releases/tag/v0.51.442
Resource:
release-notes
Hyperlink: https://github.com/nesquena/hermes-webui/pull/4171
Resource:
issue-tracking
Hyperlink: https://github.com/nesquena/hermes-webui/pull/4267
Resource:
issue-tracking
Hyperlink: https://github.com/nesquena/hermes-webui/commit/4d90577e25d5537cb07290eca3fb8abff3bab316
Resource:
patch
Hyperlink: https://www.vulncheck.com/advisories/hermes-webui-unauthenticated-passkey-registration-via-authentication-bypass
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found