CVE-2026-10222 | NousResearch hermes-agent up to 2026.4.30 hermes_cli/config.py _sanitize_env_lines injection

Inserito da Angelo Barbosa | Mag 31, 2026 | CVE

A vulnerability classified as critical was found in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function _sanitize_env_lines of the file hermes_cli/config.py. The manipulation results in injection.

This vulnerability is known as CVE-2026-10222. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-10222 | NousResearch hermes-agent up to 2026.4.30 hermes_cli/config.py _sanitize_env_lines injection

Post correlati

CVE-2026-38993 | Cockpit up to 2.13.5 Buckets path traversal

CVE-2023-3964 | GitLab prior 16.4.3/16.5.3/16.6.1 Composer Package access control

CVE-2023-32462 | Dell SmartFabric OS10 os command injection (dsa-2023-124)

CVE-2024-50079 | Linux Kernel up to 6.11.4 io_uring_cancel_generic state issue (887ba598d9cf/8f7033aa4089)