CVE-2026-6832 | nesquena hermes-webui up to 408 JSON File /api/session/delete session_id path traversal

Inserito da Angelo Barbosa | Apr 22, 2026 | CVE

A vulnerability was found in nesquena hermes-webui up to 408. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the file /api/session/delete of the component JSON File Handler. Performing a manipulation of the argument session_id results in path traversal.

This vulnerability was named CVE-2026-6832. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is advised.

CVE-2026-6832 | nesquena hermes-webui up to 408 JSON File /api/session/delete session_id path traversal

Post correlati

CVE-2024-11752 | babo2015 Eveeno Plugin up to 1.7 on WordPress Shortcode eveeno cross site scripting

CVE-2023-48808 | Totolink X6000R 9.4.0cu.852_B20230719 shttpd sub_4119A0 Privilege Escalation

CVE-2024-37403 | Ivanti Docs@Work prior 2.26.1 on Android information disclosure

CVE-2024-12516 | vickydalmia Coupon Plugin up to 1.2.1 on WordPress Coupon Code cross site scripting