CVE-2026-7112

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent version 0.8.0

Description Improper authentication exists in the API SERVER KEY Handler component. The issue is located within the check auth() function of the gateway/platforms/api server.py file. This flaw allows a remote attacker to bypass authentication, although the attack complexity is high and exploitation is considered difficult.

Recommendations As a temporary workaround, consider restricting access to the check auth() function in the gateway/platforms/api server.py file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.