CVE-2026-9354 | NousResearch hermes-agent up to 2026.4.16 Slack Agent/Mattermost Agent format_message escape output

Inserito da Angelo Barbosa | Mag 23, 2026 | CVE

A vulnerability classified as critical was found in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument format_message results in escaping of output.

This vulnerability is identified as CVE-2026-9354. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-9354 | NousResearch hermes-agent up to 2026.4.16 Slack Agent/Mattermost Agent format_message escape output

Post correlati

CVE-2025-14126 | TOZED ZLT M30S/ZLT M30S PRO 1.47/3.09.06 Web Interface hard-coded credentials

CVE-2024-34987 | PHPGurukul Online Fire Reporting System 1.2 ofrs/admin/index.php username sql injection

CVE-2025-54743 | Download After Email Plugin 2.1.5/2.1.6 on WordPress Form Submission improper authorization

CVE-2026-6158 | Totolink N300RH 6.1c.1353_B20190305 upgrade.so setUpgradeUboot FileName os command injection