CVE-2026-7113 | NousResearch hermes-agent 0.8.0 Webhooks Endpoint webhook.py _INSECURE_NO_AUTH missing authentication (Issue 6440)

Inserito da Angelo Barbosa | Apr 26, 2026 | CVE

A vulnerability labeled as critical has been found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument _INSECURE_NO_AUTH results in missing authentication.

This vulnerability is reported as CVE-2026-7113. The attack can be launched remotely. Moreover, an exploit is present.

The project was informed of the problem early through a pull request but has not reacted yet.

CVE-2026-7113 | NousResearch hermes-agent 0.8.0 Webhooks Endpoint webhook.py _INSECURE_NO_AUTH missing authentication (Issue 6440)

Post correlati

CVE-2024-33531 | cdbattags lua-resty-jwt 0.2.3 Enc Header improper authentication

CVE-2024-51991 | October CMS up to 3.7.4 SVG File Parser unrestricted upload (GHSA-96hh-8hx5-cpw7)

CVE-2024-44760 | Shenzhou News Union Enterprise Management System up to 5.0/18.8 /servlet/SnoopServlet information disclosure

CVE-2024-10415 | code-projects Blood Bank Management System 1.0 /file/accept.php reqid sql injection