CVE-2026-7396 | NousResearch hermes-agent 0.8.0 WeChat Work Platform Adapter wecom.py path traversal (Issue 8733)

Inserito da Angelo Barbosa | Apr 29, 2026 | CVE

A vulnerability marked as critical has been reported in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal.

This vulnerability is traded as CVE-2026-7396. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2026-7396 | NousResearch hermes-agent 0.8.0 WeChat Work Platform Adapter wecom.py path traversal (Issue 8733)

Post correlati

CVE-2024-5557 | Schneider Electric SpaceLogic AS-P/SpaceLogic AS-B up to 5.0.3 SNMP Credentials log file (SEVD-2024-163-04)

CVE-2024-3907 | Tenda AC500 2.0.1.9(1307) /goform/setcfm formSetCfm funcpara1 stack-based overflow

CVE-2024-4976 | Xpdf up to 4.05 AcroForm Field Reference out-of-bounds write

CVE-2025-14848 | Advantech WebAccess/SCADA 9.2.1 absolute path traversal