CVE-2026-10548 | NousResearch hermes-agent up to 2026.4.23 Credential Pool Synchronization agent/credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication

A vulnerability was found in NousResearch hermes-agent up to 2026.4.23 and classified as critical. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication.

This vulnerability is cataloged as CVE-2026-10548. The attack must be initiated from a local position. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-10548 | NousResearch hermes-agent up to 2026.4.23 Credential Pool Synchronization agent/credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication

Post correlati

CVE-2024-27171 | Toshiba Tec e-Studio Multi-Function Peripheral unrestricted upload

CVE-2024-50431 | Cloudways Breeze Plugin up to 2.1.14 on WordPress cross site scripting

CVE-2024-6733 | itsourcecode Tailoring Management System 1.0 templateedit.php id/title/msg sql injection

CVE-2023-50481 | blinksocks 3.3.8 ssr-auth-chain.js inadequate encryption (Issue 108)