CVE-2026-10220 | NousResearch hermes-agent up to 2026.4.30 tools/skills_tool.py _serve_plugin_skill/skill_view injection

Inserito da Angelo Barbosa | Mag 31, 2026 | CVE

A vulnerability described as critical has been identified in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection.

This vulnerability appears as CVE-2026-10220. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-10220 | NousResearch hermes-agent up to 2026.4.30 tools/skills_tool.py _serve_plugin_skill/skill_view injection

Post correlati

CVE-2025-28243 | Alteryx Server 2023.1.1.460 cross site scripting

CVE-2026-9397 | Besen BS20 EV Charging Station up to 20260426 OTA Update Installation improper authorization

CVE-2025-1964 | projectworlds Online Hotel Booking 1.0 booknow.php?roomname=Duplex checkin sql injection

CVE-2024-43212 | WpTravelly Plugin up to 1.7.7 on WordPress authorization