PT-2026-42928 · Unknown · Hermes-Agent

Eric-I

·

Published

2026-05-24

·

Updated

2026-05-26

·

CVE-2026-9368

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions hermes-agent versions prior to 2026.4.17
Description A remote attack can be launched against the Environment Variable Handler component. The issue resides in the execute code() function within the tools/code execution tool.py file, where manipulation can lead to a sandbox issue, potentially allowing code to escape the restricted execution environment.
Recommendations Update to a version later than 2026.4.16. As a temporary workaround, restrict access to the execute code() function in the tools/code execution tool.py file.

Exploit

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-9368
GHSA-WM96-9GFH-VVGQ

Affected Products

Hermes-Agent