PT-2026-34193 · Nesquena · Hermes-Webui

Published: 2026-04-21 · Updated: 2026-04-26 · CVE-2026-6829

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: nesquena hermes-webui (affected versions not specified)

Description: A trust-boundary failure allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk. This is achieved by manipulating workspace path parameters in the endpoints "/api/session/new", "/api/session/update", "/api/chat/start", and "/api/workspaces/add". Attackers can repoint a session workspace to a directory outside the intended trusted root and use ordinary file read and write APIs to access or modify files outside the intended workspace boundary within the permissions of the hermes-webui process.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
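
The boundary check whose absence the description points to can be sketched as follows. This is an added example, not code from hermes-webui or from this advisory; resolve_workspace, WorkspaceRejected and the sample directory names are hypothetical, and the temporary tree is constructed only for the demonstration.

```python
import os
import tempfile
from pathlib import Path


class WorkspaceRejected(ValueError):
    """Requested workspace is not an existing directory under the trusted root."""


def resolve_workspace(trusted_root: str, requested: str) -> Path:
    """Return the canonical workspace path or raise (hypothetical helper)."""
    root = Path(trusted_root).resolve(strict=True)
    candidate = Path(requested)
    if not candidate.is_absolute():
        candidate = root / candidate  # relative input is read under the root
    try:
        # resolve() collapses ".." and follows symlinks, so the comparison
        # below is made on the directory that would really be used.
        real = candidate.resolve(strict=True)
    except (OSError, RuntimeError) as exc:
        raise WorkspaceRejected(f"cannot resolve {requested!r}") from exc
    if not real.is_dir():
        raise WorkspaceRejected(f"{requested!r} is not a directory")
    if real != root and root not in real.parents:
        raise WorkspaceRejected(f"{requested!r} is outside the trusted root")
    return real


def demo() -> dict:
    """Run the check over constructed sample requests in a temporary tree."""
    with tempfile.TemporaryDirectory() as base:
        root = Path(base, "workspaces")
        (root / "proj").mkdir(parents=True)
        outside = Path(base, "outside")
        outside.mkdir()
        os.symlink(outside, root / "link")  # link inside root, target outside
        samples = {"inside": "proj", "dotdot": "proj/../../outside",
                   "absolute": str(outside), "symlink": "link"}
        results = {}
        for label, req in samples.items():
            try:
                resolve_workspace(str(root), req)
                results[label] = "accepted"
            except WorkspaceRejected:
                results[label] = "rejected"
        return results


if __name__ == "__main__":
    print(demo())
```

A check of this kind belongs at every point where a workspace path crosses the trust boundary, which on this page means each of the four listed endpoints.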

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2026-6829

Affected Products: Hermes-Webui