CVE-2026-9351 | NousResearch hermes-agent up to 2026.4.16 read_file Tool tools/file_tools.py _is_blocked_device path traversal

Inserito da Angelo Barbosa | Mag 23, 2026 | CVE

A vulnerability marked as critical has been reported in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function _is_blocked_device of the file tools/file_tools.py of the component read_file Tool. Performing a manipulation results in path traversal.

This vulnerability was named CVE-2026-9351. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-9351 | NousResearch hermes-agent up to 2026.4.16 read_file Tool tools/file_tools.py _is_blocked_device path traversal

Post correlati

CVE-2025-66680 | WiseCleaner Wise Force Deleter up to 7.3.2/64.sys WiseDelfile64.sys

CVE-2026-1774 | CASL Ability up to 6.7.4 Extra rulesToFields prototype pollution

CVE-2024-12643 | Chunghwa Telecom tbm-client up to 0.3.20 API cross-site request forgery

CVE-2024-30386 | Juniper Junos OS/Junos OS Evolved l2ald use after free (JSA79184)