ByteOS Network

NousResearch

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-7113

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-6.3||MEDIUM

EPSS-Not Assigned

Published-27 Apr, 2026 | 10:00

Updated-27 Apr, 2026 | 11:16

NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication

A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument _INSECURE_NO_AUTH results in missing authentication. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitation is known to be difficult. The exploit has been made public and could be used. The project was informed of the problem early through a pull request but has not reacted yet.

Vendor-NousResearch

Product-hermes-agent

CWE ID-CWE-287

Improper Authentication

CWE ID-CWE-306

Missing Authentication for Critical Function

CVE-2026-7112

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-6.3||MEDIUM

EPSS-Not Assigned

Published-27 Apr, 2026 | 09:45

Updated-27 Apr, 2026 | 10:16

NousResearch hermes-agent API_SERVER_KEY api_server.py _check_auth improper authentication

A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth of the file gateway/platforms/api_server.py of the component API_SERVER_KEY Handler. The manipulation leads to improper authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.

Vendor-NousResearch

Product-hermes-agent

CWE ID-CWE-287

Improper Authentication