A vulnerability, which was classified as critical, has been found in nesquena hermes-webui up to 0.51.306. Impacted is an unknown function of the file auth.json of the component Onboarding Endpoint. This manipulation of the argument X-Forwarded-For causes server-side request forgery.
This vulnerability is handled as CVE-2026-58122. The attack can be initiated remotely. There is not any exploit available.