CVE-2026-11461 | NousResearch hermes-agent up to 0.12.0 resume Endpoint hermes_state.py resolve_session_by_title Title authorization

Inserito da Angelo Barbosa | Giu 7, 2026 | CVE

A vulnerability described as critical has been identified in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass.

This vulnerability is referenced as CVE-2026-11461. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-11461 | NousResearch hermes-agent up to 0.12.0 resume Endpoint hermes_state.py resolve_session_by_title Title authorization

Post correlati

CVE-2025-64752 | gristlabs grist-core up to 1.7.6 server-side request forgery (GHSA-qh95-2qv8-pqx3)

CVE-2026-1539 | GNOME libsoup HTTP Redirect insertion of sensitive information into sent data

CVE-2026-43087 | Linux Kernel up to 6.19.13 mcp23s08 _raw_spin_lock_irq denial of service

CVE-2025-49584 | xwiki-platform up to 16.4.6/16.10.2 REST Endpoint insertion of sensitive information into sent data