PT-2026-42911 · Nousresearch · Hermes-Agent

Eric-I

·

Published

2026-05-24

·

Updated

2026-05-26

·

CVE-2026-9353

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.23
Description An injection issue exists in the Skills Guard Multi-Word Prompt Handler component within the file agent/skills guard.py. The flaw allows remote exploitation through the manipulation of the THREAT PATTERNS argument.
Recommendations Update to a version later than 2026.4.23. As a temporary mitigation, restrict the use of the THREAT PATTERNS argument in the agent/skills guard.py file.

Exploit

Fix

Improper Neutralization

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-9353
GHSA-238W-F66P-W349

Affected Products

Hermes-Agent