← volver
CVE-2026-10223

NousResearch hermes-agent memory_tool.py _scan_memory_content injection

CVSS 5.3 MEDIUMEPSS 0.2%CWE-707CWE-74
Vexday Risk Score
33Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 5.3EPSS 0.2%KEV nãoPoC públicaNuclei Metasploit Patch
Ciclo de vida
01 jun 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
NousResearch · hermes-agent
PoCs públicas encontradas1
cve_referencegist.github.com/YLChen-007/a1fb77ad2488c545a35d0f66356ea7b4no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://gist.github.com/YLChen-007/a1fb77ad2488c545a35d0f66356ea7b4https://vuldb.com/cve/CVE-2026-10223https://vuldb.com/submit/822021https://vuldb.com/vuln/367502https://vuldb.com/vuln/367502/cti