CVE-2026-10548 | NousResearch hermes-agent up to 2026.4.23 Credential Pool Synchronization agent/credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication

A vulnerability was found in NousResearch hermes-agent up to 2026.4.23 and classified as critical. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication.

This vulnerability is cataloged as CVE-2026-10548. The attack must be initiated from a local position. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-10548 | NousResearch hermes-agent up to 2026.4.23 Credential Pool Synchronization agent/credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication

Post correlati

CVE-2024-9927 | WooCommerce Order Proposal Plugin up to 2.0.5 on WordPress Privilege Escalation

CVE-2025-0918 | yaycommerce SMTP for SendGrid Plugin up to 1.3.1 on WordPress cross site scripting

CVE-2025-24707 | GT3 Photo Gallery Plugin up to 2.7.7.24 on WordPress cross site scripting

CVE-2024-28665 | DedeCMS 5.7 /dede/article_add.php cross-site request forgery