
Description

Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including conversation history, tool payloads, prompts, and per-route HMAC secrets.

PUBLISHED Reserved 2026-06-10 | Published 2026-06-17 | Updated 2026-06-17 | Assigner VulnCheck
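The weakness described above is a default-permissions defect: a plain open(path, "w") creates a file with mode 0o666 masked by the process umask, which on most systems leaves 0o644, so any local user can read the stored conversation history and HMAC secrets. The following is an added example, not Hermes Agent's code and not the fix from the referenced pull requests. It shows the hardened pattern (passing 0o600 to os.open at creation time, plus an fchmod for files that already exist from an earlier run) for both a JSON secrets file and a SQLite database, beside the default pattern for comparison, and a small audit function that a program could run at startup to flag store files that are still group- or world-readable. The file names reuse the two names from the advisory; the helper functions, the temporary directory and the sample payload are this example's own constructions.

```python
"""Added example (not Hermes Agent's code): create local state files with
owner-only permissions and audit existing ones for group/other access."""
import json
import os
import shutil
import sqlite3
import stat
import tempfile

PRIVATE_MODE = 0o600  # owner read/write only; no group/other bits

# Names taken from the advisory; the directory they live in is constructed here.
STORE_FILES = ("response_store.db", "webhook_subscriptions.json")


def file_mode(path):
    """Permission bits of a path (e.g. 0o644), without file-type bits."""
    return stat.S_IMODE(os.stat(path).st_mode)


def current_umask():
    """Read the process umask without changing it (os.umask has no getter)."""
    old = os.umask(0)
    os.umask(old)
    return old


def write_with_default_mode(path, payload):
    """The pattern the advisory describes: open() creates the file with
    0o666 & ~umask, typically 0o644, so other local users can read it."""
    with open(path, "w") as f:
        json.dump(payload, f)
    return file_mode(path)


def write_private_json(path, payload):
    """Hardened pattern: the mode is applied at creation time via os.open.
    umask can only remove bits, so the result is never wider than 0o600, and
    there is no window between creation and a later chmod.  fchmod also
    tightens a pre-existing file that an older version created as 0o644."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, PRIVATE_MODE)
    os.fchmod(fd, PRIVATE_MODE)
    with os.fdopen(fd, "w") as f:  # fdopen takes ownership of fd and closes it
        json.dump(payload, f)
    return file_mode(path)


def open_private_sqlite(path):
    """Pre-create the database file as 0o600 before sqlite3 touches it, so the
    permissions are right from the first byte written (SQLite's journal and
    WAL files copy the main database's mode, so they are covered too)."""
    fd = os.open(path, os.O_RDWR | os.O_CREAT, PRIVATE_MODE)
    os.fchmod(fd, PRIVATE_MODE)
    os.close(fd)
    return sqlite3.connect(path)


def audit_mode(mode):
    """Return the permission problems found in a mode value ([] if none)."""
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("readable by group/other")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group/other")
    return findings


def audit_store_files(directory, names=STORE_FILES):
    """Startup check: map each present store file to its findings."""
    report = {}
    for name in names:
        path = os.path.join(directory, name)
        if os.path.exists(path):
            report[name] = audit_mode(file_mode(path))
    return report


def demo():
    """Create both store files the hardened way in a temp dir, create one file
    the default way for contrast, and return what the audit sees."""
    d = tempfile.mkdtemp()
    try:
        # Constructed sample payload; the secret value is a placeholder.
        payload = {"route": "/hook", "hmac_secret": "CONSTRUCTED-PLACEHOLDER"}
        write_private_json(os.path.join(d, "webhook_subscriptions.json"), payload)
        conn = open_private_sqlite(os.path.join(d, "response_store.db"))
        conn.execute("CREATE TABLE IF NOT EXISTS responses (id INTEGER PRIMARY KEY, body TEXT)")
        conn.commit()
        conn.close()
        default_mode = write_with_default_mode(os.path.join(d, "unsafe_example.json"), payload)
        modes = {n: file_mode(os.path.join(d, n)) for n in STORE_FILES}
        return {"report": audit_store_files(d), "modes": modes, "default_mode": default_mode}
    finally:
        shutil.rmtree(d, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Creating the file with the right mode is preferable to chmod after the fact because the file never exists in the wide state; the fchmod call remains useful as a one-time migration for stores left behind by an earlier, affected version. The audit function is the detection side: run it over the state directory at startup and refuse to load a secrets file whose findings list is non-empty.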

Severity

MEDIUM: 6.8  CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 5.5  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

Incorrect Default Permissions

Product status

Default status: unaffected

Any version before 0.16.0: affected

0.16.0 (semver): unaffected

Credits

Chia Min Jun Lennon (finder)

References

github.com/NousResearch/hermes-agent/pull/30917 (exploit)

github.com/NousResearch/hermes-agent/releases/tag/v2026.6.5 (Release Notes) (release-notes)

github.com/NousResearch/hermes-agent/pull/30917 (Researcher Pull Request) (issue-tracking)

github.com/NousResearch/hermes-agent/pull/31469 (Maintainer Pull Request) (issue-tracking)

github.com/...ommit/3bace071bfadf2d2bec2ee048471a31ec920e3e8 (Patch Commit) (patch)

www.vulncheck.com/...permission-vulnerability-in-store-files (third-party-advisory)

cve.org (CVE-2026-53870)

nvd.nist.gov (CVE-2026-53870)
