PT-2026-55696 · Nousresearch · Hermes-Agent

Eric-A

·

Published

2026-07-04

·

Updated

2026-07-04

·

CVE-2026-14626

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.31
Description A weakness in the HTTP API component allows a remote attacker to cause a denial of service. The issue exists within the AIAgent.run conversation() function located in the run agent.py file, where improper handling of the todos argument enables the attack.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the AIAgent.run conversation() function to minimize the risk of exploitation.

Exploit

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-14626

Affected Products

Hermes-Agent