Browse all 4 CVE security advisories affecting NousResearch. AI-powered Chinese analysis, POCs, and references for each vulnerability.
NousResearch develops AI research tools and platforms, focusing on advanced machine learning and data analysis solutions. Historically, their systems have been susceptible to remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from improper input validation and insecure API endpoints. While no major public security incidents have been documented, the organization maintains a moderate vulnerability profile with four CVEs recorded to date. Their security posture appears typical for AI research platforms, balancing functionality with basic security measures. The company's codebase and infrastructure remain subject to standard web application risks, though no systemic weaknesses or high-impact breaches have been reported in their public-facing services.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7397 | NousResearch hermes-agent file_tools.py _check_sensitive_path symlink — hermes-agentCWE-61 | 4.4 | Medium | 2026-04-29 |
| CVE-2026-7396 | NousResearch hermes-agent WeChat Work Platform Adapter wecom.py path traversal — hermes-agentCWE-22 | 5.3 | Medium | 2026-04-29 |
| CVE-2026-7113 | NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication — hermes-agentCWE-306 | 5.6 | Medium | 2026-04-27 |
| CVE-2026-7112 | NousResearch hermes-agent API_SERVER_KEY api_server.py _check_auth improper authentication — hermes-agentCWE-287 | 5.6 | Medium | 2026-04-27 |
This page lists every published CVE security advisory associated with NousResearch. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.