CVE-2026-22677 | nesquena hermes-webui up to 0.51.43 Session Import Endpoint workspace path traversal

A vulnerability classified as critical was found in nesquena hermes-webui up to 0.51.43. This affects an unknown part of the component Session Import Endpoint. Executing a manipulation of the argument workspace can lead to path traversal.

This vulnerability is handled as CVE-2026-22677. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More