CVE-2026-6830— Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-6830
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch
Source: NVD (National Vulnerability Database)
Vulnerability Description
nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys and other sensitive secrets from one profile context in another profile, breaking expected security isolation between profiles.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
将资源暴露给错误范围
Source: NVD (National Vulnerability Database)
Vulnerability Title
Hermes Web UI 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Hermes Web UI是Nathan Esquenazi个人开发者的一个轻量级、暗色主题的自主智能体Web界面。 Hermes Web UI存在安全漏洞,该漏洞源于配置文件切换时未在加载下一个配置文件前清除先前活动配置文件的环境变量,可能导致攻击者或用户利用累加式dotenv重新加载行为,破坏配置文件之间的预期安全隔离。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| nesquena | hermes-webui | 0 ~ PR #351 | - |
II. Public POCs for CVE-2026-6830
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-6830
请登录查看更多情报信息。
Same Patch Batch · nesquena · 2026-04-21 · 3 CVEs total
| CVE-2026-6832 | 8.1 HIGH | Nesquena Hermes WebUI Arbitrary File Deletion via Unvalidated session_id |
| CVE-2026-6829 | 6.3 MEDIUM | nesquena hermes-webui Arbitrary Workspace Directory Access |
IV. Related Vulnerabilities
Same weakness: CWE-668
- CVE-2026-41369
OpenClaw < 2026.3.31 - Insufficient Environment Variable San - CVE-2026-41368
OpenClaw < 2026.3.28 - Environment Variable Disclosure via j - CVE-2026-41362
OpenClaw 2026.2.19 < 2026.3.31 - Webhook Replay Dedupe Cache - CVE-2026-32690
Apache Airflow: 3.x - Nested Variable Secret Values Bypass R - CVE-2026-30912
Apache Airflow: Exposing stack trace in case of constraint e
V. Comments for CVE-2026-6830
No comments yet