CVE-2026-14625
Received Received - Intake

Protection Mechanism Failure in NousResearch Hermes-Agent

Vulnerability report for CVE-2026-14625, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-04

Last updated on: 2026-07-04

Assigner: VulDB

Description

A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui_gateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-04
Last Modified
2026-07-04
Generated
2026-07-04
AI Q&A
2026-07-04
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
nousresearch hermes-agent to 0.15.2 (inc)
nousresearch hermes-agent to 2026.5.29.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability allows remote code execution by bypassing critical security mechanisms, potentially leading to unauthorized access and control over the affected system.

Such unauthorized access and control can result in the exposure, alteration, or destruction of sensitive data, which may violate data protection requirements under regulations like GDPR and HIPAA.

Therefore, organizations using the affected Hermes Agent versions may face compliance risks if this vulnerability is exploited, as it undermines the confidentiality, integrity, and availability of protected data.

Executive Summary

This vulnerability exists in the Hermes Agent gateways of NousResearch's hermes-agent software, specifically in the shell.exec function of the tui_gateway/server.py file. It allows attackers to bypass the system's centralized security guard (check_all_command_guards()), which is designed to filter and block dangerous shell commands.

Because the shell.exec method and Quick Commands execute shell commands without proper security checks, attackers can remotely execute arbitrary shell commands on the host system. The pre-execution security scanner (tirith) that normally prevents attacks like homograph attacks, Unicode injections, and dangerous pipe chains is bypassed in these execution paths.

An attacker can exploit this by tricking an administrator into configuring a malicious quick command or by gaining access to the TUI JSON-RPC interface, leading to remote code execution (RCE) on the affected system.

Impact Analysis

This vulnerability can have serious impacts including allowing an attacker to execute arbitrary shell commands remotely on the affected system.

Such remote code execution can lead to full compromise of the underlying infrastructure, potentially resulting in unauthorized data access, system manipulation, or disruption of services.

Because the security mechanisms designed to prevent dangerous commands are bypassed, the system is left vulnerable to a wide range of attacks that can affect confidentiality, integrity, and availability.

Detection Guidance

This vulnerability involves unfiltered execution of arbitrary shell commands via the shell.exec JSON-RPC method and Quick Commands in the Hermes Agent. Detection can focus on monitoring for unusual or unauthorized shell command executions, especially those bypassing the system's centralized security guard.

You can check for suspicious activity by monitoring logs for shell.exec JSON-RPC calls or Quick Command executions that do not pass through the security scanner. Additionally, inspecting running processes or command histories for unexpected shell commands may help.

  • Use network monitoring tools to detect JSON-RPC calls to the shell.exec method.
  • On the host system, run commands like `ps aux | grep shell.exec` or check process execution logs.
  • Audit command history files (e.g., `.bash_history`) for suspicious commands that could indicate exploitation.
  • Use system auditing tools (e.g., auditd on Linux) to track execution of shell commands initiated by the Hermes Agent.
Mitigation Strategies

Since no patched versions are available for the Hermes Agent up to version 0.15.2, immediate mitigation involves restricting access and usage of the vulnerable shell.exec JSON-RPC method and Quick Commands.

Steps include limiting administrative access to the TUI JSON-RPC interface to trusted users only, disabling or restricting Quick Commands that execute shell commands, and monitoring for suspicious activity.

Additionally, consider implementing network-level controls such as firewall rules to restrict access to the Hermes Agent interfaces and applying strict user privilege management to reduce the risk of exploitation.

Until a patch is released, avoid configuring or accepting untrusted Quick Commands and educate administrators about the risk of executing arbitrary shell commands through the agent.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14625. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart