Description

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. It affects the function resolve_session_by_title in the file hermes_state.py of the component resume Endpoint. Manipulation of the argument Title leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PUBLISHED Reserved 2026-06-07 | Published 2026-06-07 | Updated 2026-06-07 | Assigner VulDB




MEDIUM: 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Authorization Bypass

Improper Authorization

Product status

0.1: affected
0.2: affected
0.3: affected
0.4: affected
0.5: affected
0.6: affected
0.7: affected
0.8: affected
0.9: affected
0.10: affected
0.11: affected
0.12.0: affected

Timeline

2026-06-07: Advisory disclosed
2026-06-07: VulDB entry created
2026-06-07: VulDB entry last update

Credits

Eric-b (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/369081 (VDB-369081 | NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization) vdb-entry technical-description

vuldb.com/vuln/369081/cti (VDB-369081 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/cve/CVE-2026-11461 (CVE-2026-11461 | CVE Analysis and Report) third-party-advisory

vuldb.com/submit/829402 (Submit #829402 | NousResearch hermes-agent <= v0.12.0 Authorization Bypass Through User-Controlled Key (CWE-639)) third-party-advisory

gist.github.com/YLChen-007/7951b3dc39193fb675914cc5d8b672fa related

gist.github.com/YLChen-007/c2d162e9c8d39584223683cdcba98607 exploit

cve.org (CVE-2026-11461)

nvd.nist.gov (CVE-2026-11461)
