CVE-2026-7396
Path Traversal in NousResearch Hermes-Agent
Publication date: 2026-04-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nousresearch | hermes-agent | 0.8.0 |
| work | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the NousResearch hermes-agent version 0.8.0, specifically in the WeChat Work Platform Adapter component within the file gateway/platforms/wecom.py. It is a path traversal vulnerability, which means an attacker can manipulate file paths to access files and directories that are outside the intended scope.
The attack can be initiated remotely, and the exploit code is publicly available, making it easier for attackers to exploit this issue.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to access unauthorized files on the system by exploiting the path traversal flaw. Since the attack can be performed remotely without any privileges or user interaction, it increases the risk of unauthorized data exposure.
The impact is limited to confidentiality as per the CVSS scores, meaning the attacker could read sensitive information but not modify or disrupt the system.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive information stored on the affected system.
- Attackers can read arbitrary files on the server, including sensitive configuration files, SSH keys, and API credentials.
- The exploit can be initiated remotely without any authentication, increasing the risk of compromise.
- Exposure of sensitive files can lead to further attacks, such as privilege escalation, unauthorized access, or data breaches.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows attackers to read arbitrary sensitive files on the affected system, including configuration files, SSH keys, and API credentials. This unauthorized access to sensitive information could lead to data breaches.
Such data breaches may impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive personal and health information. Exposure of sensitive files could result in violations of confidentiality and data protection requirements mandated by these regulations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious WeCom messages containing malicious file:// URLs that attempt path traversal to read arbitrary files. Network or system logs should be inspected for unusual file:// URL requests targeting the hermes-agent WeChat Work Platform Adapter component.
Since the vulnerability involves processing of file:// URLs in the gateway/platforms/wecom.py component, detection can include searching for such URLs in logs or intercepted traffic.
- Use grep or similar tools to search logs for file:// URLs, e.g., `grep -r "file://" /var/log/hermes-agent/`
- Monitor network traffic for suspicious HTTP or API requests containing file:// URLs targeting the hermes-agent.
- Check for unexpected file read operations or errors in hermes-agent logs that may indicate exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling the processing of file:// URLs in the hermes-agent WeChat Work Platform Adapter until a patch or fix is applied.
Implement input validation to ensure that file paths are restricted to allowed directories, preventing path traversal attacks.
Monitor and block suspicious incoming WeCom messages containing file:// URLs that could exploit this vulnerability.
If possible, update to a patched version of hermes-agent once available or apply custom fixes to enforce directory boundary checks as recommended.
Can you explain this vulnerability to me?
CVE-2026-7396 is a security vulnerability in the NousResearch hermes-agent version 0.8.0, specifically in the WeChat Work Platform Adapter component located in the file gateway/platforms/wecom.py.
The vulnerability is an arbitrary file read issue caused by a path traversal flaw. This happens because the software improperly validates file paths when handling file:// URLs, allowing an attacker to craft malicious URLs that can read arbitrary files on the server.
Attackers can remotely exploit this vulnerability by sending specially crafted WeCom messages containing malicious file:// media source URLs, which bypass directory restrictions and allow access to sensitive files such as configuration files, SSH keys, and API credentials.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious WeCom messages containing file:// URLs that attempt to access arbitrary files on the system. Since the exploit involves sending malicious file:// media source URLs to the hermes-agent's WeCom adapter, detection can focus on identifying such unusual URL patterns in network traffic or application logs.
You can also check the hermes-agent logs for any attempts to process file:// URLs that point outside of the allowed directories.
- Use network monitoring tools to filter for HTTP or API requests containing file:// URLs.
- Search hermes-agent log files for entries with file:// URLs, for example using grep:
- grep -r 'file://' /path/to/hermes-agent/logs
- Monitor API server logs for unusual file read requests triggered by file:// URLs.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling the processing of file:// URLs in the WeCom platform adapter component of the hermes-agent until a patch or fix is applied.
Implement strict input validation and directory boundary checks to ensure that file paths resolved from file:// URLs are confined to allowed directories such as the hermes data or cache folders.
If possible, update to a version of hermes-agent where this vulnerability is fixed or apply any available patches.
Monitor and restrict network access to the hermes-agent API server to prevent unauthorized remote exploitation.