CVE-2026-11322
Path Traversal in Hermes WebUI Prior to v0.51.221
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hermes | hermes_webui | to 0.51.221 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Hermes WebUI versions prior to v0.51.221 and is a path traversal issue. It allows attackers to bypass the intended workspace boundaries by using symbolic links (symlinks) that point to files or directories outside the designated workspace root.
The vulnerability is exploited through the workspace file and listing APIs, which resolve symlink targets without verifying that the final resolved path remains within the workspace. This flaw enables attackers to access and read files on the host system that the server process can access.
As a result, attackers can disclose sensitive data such as SSH keys, cloud credentials, or application tokens stored outside the workspace.
How can this vulnerability impact me? :
This vulnerability can have serious security impacts by allowing unauthorized access to sensitive files on the host system.
- Attackers can read sensitive information such as SSH keys, which could allow them to gain further unauthorized access to systems.
- Disclosure of cloud credentials could lead to compromise of cloud resources and data.
- Exposure of application tokens may allow attackers to impersonate legitimate users or services.
Overall, exploitation of this vulnerability can lead to data breaches, unauthorized access, and potential further compromise of systems.