CVE-2026-53870

Hermes Agent < 0.16.0 - Sensitive File Permission Vulnerability in Store Files

CVSS 6.8 MEDIUMEPSS 0.1%CWE-276

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.8EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

17 jun 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including conversation history, tool payloads, prompts, and per-route HMAC secrets.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

NousResearch · hermes-agent

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/NousResearch/hermes-agent/commit/3bace071bfadf2d2bec2ee048471a31ec920e3e8 https://github.com/NousResearch/hermes-agent/pull/30917 https://github.com/NousResearch/hermes-agent/pull/31469 https://github.com/NousResearch/hermes-agent/releases/tag/v2026.6.5 https://www.vulncheck.com/advisories/hermes-agent-sensitive-file-permission-vulnerability-in-store-files