CVE-2026-9350 | NousResearch hermes-agent up to 2026.4.16 Batch Runner tools/approval.py check_all_command_guards authorization

Inserito da Angelo Barbosa | Mag 23, 2026 | CVE

A vulnerability labeled as critical has been found in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization.

This vulnerability is uniquely identified as CVE-2026-9350. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-9350 | NousResearch hermes-agent up to 2026.4.16 Batch Runner tools/approval.py check_all_command_guards authorization

Post correlati

CVE-2024-36673 | SourceCodester Pharmacy Medical Store Point of Sale System 1.0 password sql injection (Issue 39)

CVE-2024-0474 | code-projects Dormitory Management System 1.0 login.php username sql injection

CVE-2025-47606 | Igor Benic Simple Giveaways Plugin up to 2.48.2 on WordPress cross-site request forgery

CVE-2023-50292 | Apache Solr up to 8.11.2/9.2.x permission assignment