CVE-2026-55196
Deferred - Pending Action
Authentication Bypass in Hermes WebUI via Passkey Registration

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: VulnCheck

Description
Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote attackers to register arbitrary passkeys. When HERMES_WEBUI_PASSKEY=1 is enabled with no existing credentials, POST /api/auth/passkey/register/options and POST /api/auth/passkey/register endpoints are accessible without authentication, allowing attackers to claim the first passkey and gain permanent administrative control.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-18
AI Q&A: 2026-06-18
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-306: The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Executive Summary

Hermes WebUI versions before 0.51.409 have an authentication bypass vulnerability in the passkey registration endpoints. Specifically, when the environment variable HERMES_WEBUI_PASSKEY is set to 1 and there are no existing credentials, the endpoints POST /api/auth/passkey/register/options and POST /api/auth/passkey/register can be accessed without authentication.

This allows unauthenticated remote attackers to register arbitrary passkeys, effectively letting them claim the first passkey and gain permanent administrative control over the system.
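
For defenders reviewing an exposed instance, the following added example (not code from Hermes WebUI or from this advisory) scans proxy access logs for successful POSTs to the two registration endpoints from outside the admin networks. The Common Log Format, the `ADMIN_NETS` range and the sample lines are assumptions made for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# The two registration endpoints named in the advisory.
REGISTER_PATHS = {
    "/api/auth/passkey/register/options",
    "/api/auth/passkey/register",
}
# Assumed log format: Common/Combined Log Format written by a fronting proxy.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})\b'
)

def registration_hits(lines, trusted_nets):
    """Return every POST to a passkey registration endpoint, tagged by source."""
    nets = [ip_network(n) for n in trusted_nets]
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["target"].split("?", 1)[0].rstrip("/")  # drop query string
        if path not in REGISTER_PATHS:
            continue
        try:
            trusted = any(ip_address(m["ip"]) in n for n in nets)
        except ValueError:  # client field is not an IP: treat as untrusted
            trusted = False
        hits.append({"ip": m["ip"], "ts": m["ts"], "path": path,
                     "status": int(m["status"]), "trusted": trusted})
    return hits

def needs_review(hits):
    """Successful (2xx) registration calls from outside the admin networks."""
    return [h for h in hits if not h["trusted"] and 200 <= h["status"] < 300]

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Jun/2026:09:58:01 +0000] "GET /api/auth/passkey/register/options HTTP/1.1" 405 0',
    '10.0.0.5 - - [17/Jun/2026:09:58:04 +0000] "POST /api/auth/passkey/register/options HTTP/1.1" 200 512',
    '203.0.113.7 - - [17/Jun/2026:10:02:11 +0000] "POST /api/auth/passkey/register/options HTTP/1.1" 200 512',
    '203.0.113.7 - - [17/Jun/2026:10:02:13 +0000] "POST /api/auth/passkey/register?x=1 HTTP/1.1" 200 231',
    '198.51.100.9 - - [17/Jun/2026:10:05:40 +0000] "POST /api/auth/passkey/register HTTP/1.1" 401 17',
]
ADMIN_NETS = ["10.0.0.0/8"]  # assumption: where legitimate enrolment comes from

if __name__ == "__main__":
    for h in needs_review(registration_hits(SAMPLE_LOG, ADMIN_NETS)):
        print(h["ts"], h["ip"], h["path"], h["status"])
```

Any result on an instance that ran with HERMES_WEBUI_PASSKEY=1 before 0.51.409 is a reason to compare the enrolled passkeys against the ones administrators actually registered.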

Impact Analysis

This vulnerability can have a severe impact as it allows attackers to bypass authentication and gain permanent administrative control over the Hermes WebUI system.

With administrative control, attackers can manipulate system settings, access sensitive data, and potentially compromise the entire environment where Hermes WebUI is deployed.
