CVE-2026-10223

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.31

Description A remote injection flaw exists in the scan memory content() function within the tools/memory tool.py file. This weakness allows a remote attacker to initiate an injection attack.

Recommendations Update to a version later than 2026.4.30. As a temporary workaround, restrict access to the scan memory content() function in the tools/memory tool.py file.

Exploit

Fix

Improper Neutralization

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-707CWE-74

Related Identifiers

CVE-2026-10223

Affected Products

Hermes-Agent

CVE-2026-10223

Weakness Enumeration

Related Identifiers

Affected Products

References · 9