Hermes WebUI Profile Isolation Bypass Vulnerability

Compliance Impact

The vulnerability allows authenticated users to access data belonging to other profiles without proper authorization, leading to unauthorized data exposure across user profiles.

Such unauthorized access to personal or sensitive data can negatively impact compliance with data protection regulations and standards like GDPR and HIPAA, which require strict controls on data access and confidentiality.

Specifically, the profile isolation bypass could result in breaches of confidentiality and privacy obligations mandated by these regulations.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-49956 is a profile isolation bypass vulnerability in Hermes WebUI versions before 0.51.269. It allows authenticated users to access data belonging to other user profiles by exploiting the sessions search endpoint, which does not properly filter results by the active profile. Attackers can send requests to this endpoint to retrieve session titles and transcript message content from profiles other than their own.

The issue arises because the sessions search handler fails to enforce active-profile filtering, enabling unauthorized access to cross-profile data. The vulnerability was fixed by ensuring the active profile is resolved at the start of the request and filtering session results accordingly unless an explicit parameter to include all profiles is provided.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information across user profiles within the Hermes WebUI application. An attacker with authenticated access can retrieve session metadata, titles, and transcript messages from other users' profiles, potentially exposing confidential or private data.

Such unauthorized data exposure can compromise user privacy and trust, and may lead to further exploitation depending on the nature of the exposed information.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring or testing the /api/sessions/search endpoint for unauthorized access to session data from profiles other than the authenticated user's active profile.

A practical approach is to send authenticated requests to the sessions search handler with queries that do not specify an active profile filter and observe if session titles or transcript messages from other profiles are returned.

For example, using curl to test the endpoint:

• curl -X POST -H "Authorization: Bearer <token>" -d '{}' https://<hermes-webui-host>/api/sessions/search
• Check if the response contains session data from profiles other than the authenticated user's active profile.

If such data is accessible, the system is vulnerable.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade Hermes WebUI to version 0.51.269 or later, where the vulnerability has been fixed by enforcing active-profile filtering on the sessions search endpoint.

Until the upgrade can be applied, restrict access to the /api/sessions/search endpoint to trusted users only and monitor for suspicious activity involving session searches.

Additionally, review and apply any patches or pull requests related to session search scoping and profile isolation.

Useful 0 Not Useful 0