Executive Summary

CVE-2026-49959 is a remote code execution vulnerability in Hermes WebUI versions before 0.51.311. It allows authenticated attackers to execute arbitrary commands on the host system by injecting malicious executable Git configuration into a workspace repository's .git/config file.

The vulnerability arises because the application improperly handles Git subprocess invocations in the api/workspace_git.py file. Attackers can exploit Git settings such as core.fsmonitor, protocol.ext.allow, credential.helper, core.askPass, core.gitProxy, or environment variables like GIT_SSH_COMMAND during Git operations like git status or git fetch to execute arbitrary commands.

The root cause is that malicious or restored workspace repositories can include executable Git configurations that are not properly neutralized, leading to command injection.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts as it allows an authenticated attacker to execute arbitrary commands on the host running Hermes WebUI.

Such remote code execution can lead to unauthorized control over the system, potentially allowing attackers to access sensitive data, disrupt services, install malware, or pivot to other parts of the network.

Because the attack vector involves injecting malicious Git configuration, any workspace repository that is compromised or maliciously crafted can be used to exploit this vulnerability.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves malicious executable Git configurations in a workspace repository's .git/config file that can lead to remote code execution during Git operations such as git status or git fetch.

To detect this vulnerability on your system, you should inspect the .git/config files in workspace repositories for suspicious or unexpected executable Git configuration entries such as core.fsmonitor, protocol.ext.allow, credential.helper, core.askPass, core.gitProxy, or environment variables like GIT_SSH_COMMAND.

Suggested commands to help detect potential exploitation or presence of malicious Git configurations include:

• Check the .git/config file for suspicious entries: cat /path/to/workspace/.git/config
• Run git status and git fetch commands in a controlled environment to observe any unexpected behavior or command execution: git -C /path/to/workspace status; git -C /path/to/workspace fetch --prune
• Audit environment variables related to Git subprocesses that could be exploited: env | grep -E 'GIT_ASKPASS|SSH_ASKPASS|GIT_SSH|GIT_SSH_COMMAND'

Useful 0 Not Useful 0

Mitigation Strategies

The primary and immediate mitigation step is to upgrade Hermes WebUI to version 0.51.311 or later, where this vulnerability has been fixed by hardening Git subprocess invocations and scrubbing dangerous repository-local Git configurations and environment variables.

Additional mitigation steps include:

• Ensure that only trusted users have authenticated access to the Hermes WebUI application to reduce the risk of malicious repository injection.
• Audit and sanitize workspace repository .git/config files to remove any suspicious or executable Git configuration entries.
• Restrict or monitor environment variables related to Git subprocesses such as GIT_ASKPASS, SSH_ASKPASS, GIT_SSH, and GIT_SSH_COMMAND.
• Apply the patch or update that overrides dangerous Git configurations with hardened defaults and disables interactive prompts by setting GIT_TERMINAL_PROMPT=0.

Useful 0 Not Useful 0