PT-2026-55702 · Nousresearch · Hermes-Agent
Eric-A
·
Published
2026-07-04
·
Updated
2026-07-04
·
CVE-2026-14627
CVSS v3.1
5.6
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
NousResearch hermes-agent versions prior to 0.15.3
Description
An improper authentication issue exists within the Discord Platform Integration component. The flaw is located in the
DiscordAdapter. is allowed user() function within the gateway/platforms/discord.py file. This allows a remote attacker to bypass authentication, although the attack is characterized by high complexity and is difficult to exploit.Recommendations
Update NousResearch hermes-agent to a version newer than 0.15.2.
As a temporary workaround, restrict access to the
DiscordAdapter. is allowed user() function to minimize the risk of exploitation.Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hermes-Agent