Eric-J

**Name of the Vulnerable Software and Affected Versions** hermes-agent versions prior to 2026.4.23 **Description** A security flaw in the Credential Pool Synchronization component allows for improper authentication. The issue resides in the ` sync anthropic entry from credentials file()` function within the `agent/credential pool.py` file. An attacker must have local access to initiate the attack. **Recommendations** Update to a version later than 2026.4.23. As a temporary workaround, restrict access to the ` sync anthropic entry from credentials file()` function in the `agent/credential pool.py` file.

**Name of the Vulnerable Software and Affected Versions** NousResearch hermes-agent versions prior to 2026.4.31 **Description** A remote code injection issue exists in the ` serve plugin skill/skill view` function within the `tools/skills tool.py` file. A remote attacker can perform a manipulation that leads to injection. **Recommendations** Update to a version later than 2026.4.30. As a temporary workaround, restrict access to the ` serve plugin skill/skill view` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** hermes-agent versions prior to 0.12.1 **Description** An injection issue exists in the ` compress context()` function within the `run agent.py` file. This flaw allows a remote attacker to perform an injection attack through the manipulation of the function. **Recommendations** Update to a version later than 0.12.0. As a temporary workaround, restrict the use of the ` compress context()` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** NousResearch hermes-agent versions prior to 2026.4.31 **Description** An injection flaw exists in the ` sanitize env lines()` function within the `hermes cli/config.py` file. This issue allows for remote attacks, although exploitation is considered difficult and requires a high level of complexity. **Recommendations** Update to a version later than 2026.4.30. As a temporary workaround, restrict access to the ` sanitize env lines()` function in the `hermes cli/config.py` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NousResearch hermes-agent versions prior to 2026.4.31 **Description** A remote injection flaw exists in the ` scan memory content()` function within the `tools/memory tool.py` file. This weakness allows a remote attacker to initiate an injection attack. **Recommendations** Update to a version later than 2026.4.30. As a temporary workaround, restrict access to the ` scan memory content()` function in the `tools/memory tool.py` file.

**Name of the Vulnerable Software and Affected Versions** NousResearch hermes-agent versions prior to 2026.4.30 **Description** A remote resource consumption issue exists in the Webhook Endpoint component. The flaw is located within the ` handle webhook request()` function in the `gateway/platforms/feishu.py` file, allowing a remote attacker to cause excessive resource consumption. **Recommendations** Update to version 2026.4.30 or later. As a temporary workaround, restrict access to the ` handle webhook request()` function in the `gateway/platforms/feishu.py` file to minimize the risk of exploitation.