hermes-webui — Vulnerabilities & Security Advisories (15)

All 15 CVE vulnerabilities found in hermes-webui, with AI-generated Chinese analysis, references, and POCs.

The vulnerability aggregation page for hermes-webui, a web-based user interface product, compiles known Common Weakness Enumerations (CWE) associated with this specific software asset. This page collects diverse security vulnerabilities identified within the hermes-webui codebase and its integrated dependencies, covering historical data from the initial release through to recent security patches and updates. Here, you can discover comprehensive insights by tracking vendor advisories to stay informed about official remediation efforts, understanding the specific characteristics and impacts of prevalent weakness classes affecting the application, and looking up the product's vulnerability history to assess long-term security trends and patch effectiveness. The information provided is intended to support security analysts, developers, and system administrators in conducting thorough risk assessments and maintaining secure deployment configurations for hermes-webui environments. By aggregating these findings in one location, the page facilitates efficient monitoring and management of security risks without requiring manual searches across multiple disparate sources.

Vendor: nesquena

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-55205 | Hermes WebUI < 0.51.468 - Resource Exhaustion via Unauthenticated OAuth Flow Endpoint | CWE-770 | 5.3 | Medium | 2026-06-18 |
| CVE-2026-55198 | Hermes WebUI < 0.51.443 - Cross-Profile Session Data Exfiltration via Session Export Endpoint | CWE-639 | 6.5 | Medium | 2026-06-17 |
| CVE-2026-55197 | Hermes WebUI < 0.51.443 - Broken Access Control in /api/session Endpoint | CWE-639 | 6.5 | Medium | 2026-06-17 |
| CVE-2026-55196 | Hermes WebUI < 0.51.409 - Unauthenticated Passkey Registration via Authentication Bypass | CWE-306 | 9.1 | Critical | 2026-06-17 |
| CVE-2026-53871 | Hermes WebUI < 0.51.368 - Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie | CWE-565 | 8.1 | High | 2026-06-17 |
| CVE-2026-49973 | Hermes WebUI < 0.51.358 Unauthenticated Password Takeover via /api/settings | CWE-306 | 9.4 | Critical | 2026-06-11 |
| CVE-2026-49959 | Hermes WebUI < 0.51.311 RCE via Git Configuration Injection | CWE-78 | 8.8 | High | 2026-06-09 |
| CVE-2026-49958 | Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard | CWE-367 | 5.0 | Medium | 2026-06-09 |
| CVE-2026-49957 | Hermes WebUI < 0.51.296 Workspace Boundary Bypass via api/workspace.py | CWE-22 | 7.7 | High | 2026-06-09 |
| CVE-2026-49956 | Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search | CWE-862 | 6.5 | Medium | 2026-06-09 |
| CVE-2026-49955 | Hermes WebUI < 0.51.270 Resource Exhaustion via passkey/options | CWE-770 | 5.3 | Medium | 2026-06-09 |
| CVE-2026-22677 | Hermes WebUI < 0.51.44 Path Traversal via Session Import Endpoint | CWE-22 | 6.5 | Medium | 2026-05-13 |
| CVE-2026-6832 | Nesquena Hermes WebUI Arbitrary File Deletion via Unvalidated session_id | CWE-22 | 8.1 | High | 2026-04-21 |
| CVE-2026-6830 | Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch | CWE-668 | 3.3 | Low | 2026-04-21 |
| CVE-2026-6829 | nesquena hermes-webui Arbitrary Workspace Directory Access | CWE-22 | 6.3 | Medium | 2026-04-21 |
