PT-2026-50520 · Nesquena · Hermes-Webui

Published

2026-06-17

Updated

2026-06-17

CVE-2026-53871

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get profile cookie() function that accepts unauthenticated profile names from the hermes profile cookie. An authenticated attacker can forge the hermes profile cookie value to bypass profile-scoped authorization checks and access sessions, files, and resources across different profiles.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-565

Related Identifiers

CVE-2026-53871

Affected Products

Hermes-Webui

PT-2026-50520 · Nesquena · Hermes-Webui

CVE-2026-53871

Weakness Enumeration

Related Identifiers

Affected Products

References · 5