CVE-2026-6830

Name of the Vulnerable Software and Affected Versions nesquena hermes-webui (affected versions not specified)

Description An environment variable leakage occurs when switching profiles, as the system fails to clear variables from the previously active profile before loading the next one. This additive dotenv reload behavior allows users or attackers to access provider API keys and other sensitive secrets from one profile context within another, compromising the security isolation between profiles.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.