CVE-2026-9353 | NousResearch hermes-agent up to 2026.4.23 Skills Guard Multi-Word Prompt agent/skills_guard.py THREAT_PATTERNS injection

Inserito da Angelo Barbosa | Mag 23, 2026 | CVE

A vulnerability classified as critical has been found in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skills_guard.py of the component Skills Guard Multi-Word Prompt Handler. The manipulation of the argument THREAT_PATTERNS leads to injection.

This vulnerability is referenced as CVE-2026-9353. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-9353 | NousResearch hermes-agent up to 2026.4.23 Skills Guard Multi-Word Prompt agent/skills_guard.py THREAT_PATTERNS injection

Post correlati

CVE-2024-11418 | Additional Order Filters for WooCommerce Plugin up to 1.21 on WordPress cross site scripting

CVE-2024-5542 | litonice13 Master Addons Plugin up to 2.0.6.1 on WordPress Navigation Menu Widget cross site scripting

CVE-2026-22323 | Phoenix Contact FL SWITCH 2005 up to 3.52 Link Aggregation Configuration Interface cross-site request forgery (VDE-2025-104)

CVE-2024-31366 | Themify Post Type Builder Plugin up to 2.0.8 on WordPress authorization