CVE-2026-55198

Hermes WebUI < 0.51.443 - Cross-Profile Session Data Exfiltration via Session Export Endpoint

CVSS 7.1 HIGHEPSS 0.3%CWE-639

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

17 jun 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The _handle_session_export handler in api/routes.py fails to verify active-profile ownership before serializing session data, enabling attackers to exfiltrate foreign session transcripts by guessing or knowing session identifiers.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

nesquena · hermes-webui

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/nesquena/hermes-webui/commit/2a3baa71b81ca92da8ece8616a09f15894beec71 https://github.com/nesquena/hermes-webui/pull/3991 https://github.com/nesquena/hermes-webui/pull/4269 https://github.com/nesquena/hermes-webui/releases/tag/v0.51.443 https://www.vulncheck.com/advisories/hermes-webui-cross-profile-session-data-exfiltration-via-session-export-endpoint