PT-2026-55702 · Nousresearch · Hermes-Agent

Eric-A

·

Published

2026-07-04

·

Updated

2026-07-04

·

CVE-2026-14627

CVSS v3.1

5.6

Medium

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 0.15.3
Description An improper authentication issue exists within the Discord Platform Integration component. The flaw is located in the DiscordAdapter. is allowed user() function within the gateway/platforms/discord.py file. This allows a remote attacker to bypass authentication, although the attack is characterized by high complexity and is difficult to exploit.
Recommendations Update NousResearch hermes-agent to a version newer than 0.15.2. As a temporary workaround, restrict access to the DiscordAdapter. is allowed user() function to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-14627

Affected Products

Hermes-Agent