PT-2026-42927 · Nousresearch · Hermes-Agent

Eric-I

·

Published

2026-05-24

·

Updated

2026-06-13

·

CVE-2026-9367

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 5157f5427f19488b31c6fdebbacd15d798ce7f63
Description An OS command injection issue exists in the terminal tool component, specifically within the detect dangerous command() function located in the tools/approval.py file. This flaw allows a remote attacker to execute arbitrary operating system commands.
Recommendations Update to a version later than 5157f5427f19488b31c6fdebbacd15d798ce7f63. As a temporary workaround, restrict access to the detect dangerous command() function in the tools/approval.py file to minimize the risk of exploitation.

Exploit

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-9367

Affected Products

Hermes-Agent