A vulnerability described as critical has been identified in nesquena hermes-webui up to 0.51.787. This affects an unknown part of the component Embedded Terminal API. Executing a manipulation can lead to os command injection.

This vulnerability appears as CVE-2026-58123. The attack may be performed from remote. There is no available exploit.