Compliance Impact

The vulnerability causes improper authentication and information leakage by merging multiple distinct accounts into a single identity, which can lead to unauthorized access to sensitive data.

Such unauthorized access and information leakage can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of personal and sensitive information.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-10548 is an authentication bypass vulnerability in the hermes-agent Python package, affecting versions up to 2026.4.23. The issue occurs in the credential pool synchronization system, specifically in the _sync_anthropic_entry_from_credentials_file method. When multiple Anthropic accounts are used to distribute load and avoid rate limits, the system fails to properly isolate credentials. Upon hitting a rate limit, the system marks tokens as exhausted and tries to rotate to new credentials. However, it incorrectly synchronizes exhausted credentials with a shared global credentials file, overwriting all pool entries with the contents of this single file. This merges distinct accounts into one identity, bypassing authentication boundaries and allowing operations meant for separate accounts to run under a single session.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to authentication bypass and information leakage. Because multiple distinct accounts can be merged into a single session, an attacker with local access can perform actions under the identity of other accounts without proper authorization. This compromises the integrity and confidentiality of the system, potentially allowing unauthorized access to sensitive operations or data.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves improper synchronization of Anthropic credentials in the hermes-agent, specifically overwriting multiple tokens with a single shared credentials file located at ~/.claude/.credentials.json.

To detect this vulnerability on your system, you can check for the presence and contents of the shared credentials file and verify if multiple distinct Anthropic account tokens have been merged or overwritten.

Suggested commands to inspect the credentials file and detect suspicious overwriting include:

• cat ~/.claude/.credentials.json # View the contents of the shared credentials file
• ls -l ~/.claude/.credentials.json # Check file modification times to detect unexpected changes
• grep -E 'token|credential' ~/.claude/.credentials.json # Search for token entries in the credentials file

Additionally, monitoring local process activity related to hermes-agent and checking for unexpected authentication behavior or token reuse may help identify exploitation attempts.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting local access to the hermes-agent and the shared credentials file (~/.claude/.credentials.json) to prevent unauthorized local manipulation.

You should also audit and rotate all Anthropic account tokens used by the hermes-agent to invalidate any potentially compromised credentials.

Since the vulnerability arises from improper synchronization in the _sync_anthropic_entry_from_credentials_file method, avoid running multiple Anthropic accounts in a shared environment until a patch or update is available.

Monitor for updates from the vendor or community for a fixed version of hermes-agent and apply patches as soon as they become available.

Useful 0 Not Useful 0