CVE-2026-7396

Name of the Vulnerable Software and Affected Versions hermes-agent version 0.8.0

Description A path traversal issue exists in the WeChat Work Platform Adapter component, specifically within the gateway/platforms/wecom.py file. This flaw allows a remote attacker to manipulate file paths to access unauthorized directories or files.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Restrict access to the gateway/platforms/wecom.py file or the WeChat Work Platform Adapter component to minimize the risk of exploitation.