CVE-2026-7112
Improper Authentication in NousResearch Hermes-Agent API Server
Publication date: 2026-04-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nousresearch | hermes-agent | 0.8.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7112 is a vulnerability in the NousResearch hermes-agent version 0.8.0, specifically in the API server component. The issue lies in the authentication function _check_auth, which, when no API_SERVER_KEY is set (the default), allows unauthenticated access to the API server.
By default, the server binds to localhost (127.0.0.1), which limits exposure to local clients only. However, if the server is configured to bind to a non-localhost address (e.g., 0.0.0.0) without setting an API key, it becomes exposed to remote unauthenticated clients.
This misconfiguration allows attackers to remotely execute arbitrary commands on the host system through the API endpoints, effectively leading to unauthenticated remote code execution (RCE).
The vulnerability arises because the authentication check returns no failure if the API key is empty, and there is no startup warning or error if the server binds to a public interface without authentication configured.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized remote code execution on the affected system.
- Attackers can execute arbitrary operating system commands remotely without any authentication.
- Confidentiality is compromised as attackers can read sensitive files on the host.
- Integrity is affected because attackers can create, modify, or delete files and cron jobs.
- Availability can be impacted by exhausting resources, such as LLM API quotas or creating resource-intensive runs.
The risk is especially critical if the server is exposed on a public network interface without an API key set, allowing full control to unauthenticated remote users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the hermes-agent API server is running without an API key configured (API_SERVER_KEY unset or empty) and is bound to a non-localhost address (e.g., 0.0.0.0). Such a configuration allows unauthenticated remote access.
To detect this on your system, you can verify the API server's bind address and environment variables or configuration settings related to API_SERVER_KEY and API_SERVER_HOST.
Suggested commands include:
- Check if the hermes-agent process is listening on a non-localhost interface (e.g., 0.0.0.0): - Linux: `ss -tuln | grep <hermes-agent-port>` or `netstat -tuln | grep <hermes-agent-port>`
- Check environment variables for API_SERVER_KEY and API_SERVER_HOST: - `ps aux | grep hermes-agent` to see if environment variables are passed - Or check configuration files or systemd service files for these variables
- Attempt to send an unauthenticated POST request to the vulnerable endpoint to test if authentication is enforced (replace <host> and <port> accordingly): - `curl -X POST http://<host>:<port>/v1/chat/completions -d '{}'` and observe if the request is accepted without a Bearer token
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include ensuring that the hermes-agent API server is not bound to any publicly accessible network interface without proper authentication configured.
Specifically:
- Set the environment variable or configuration `API_SERVER_KEY` to a strong, secret API key to enforce authentication.
- Ensure the API server binds only to localhost (127.0.0.1) if no API key is set, to limit access to local clients.
- If network access is required, configure both a non-localhost bind address (e.g., 0.0.0.0) and a valid API_SERVER_KEY to prevent unauthenticated access.
- Apply the patch or update that introduces a startup guard preventing the server from starting on non-localhost addresses without an API key, as described in the fix.
These steps prevent unauthenticated remote code execution by ensuring that the API server cannot be accessed without proper authentication.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated remote code execution on the Hermes-agent API server when no API key is set and the server is bound to a non-localhost address. This leads to unauthorized access to sensitive data, modification of files, and execution of arbitrary commands.
Such unauthorized access and control over the system can result in breaches of confidentiality, integrity, and availability of data, which are critical requirements under common standards and regulations like GDPR and HIPAA.
Specifically, the ability to read sensitive files, modify or delete data, and execute arbitrary commands remotely without authentication can lead to exposure of personal data or protected health information, violating data protection and privacy regulations.
Therefore, if exploited, this vulnerability could cause non-compliance with regulations that mandate strict access controls, authentication, and protection of sensitive information.