CVE-2026-9368 | NousResearch hermes-agent up to 2026.4.16 Environment Variable code_execution_tool.py execute_code sandbox

A vulnerability classified as critical was found in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Handler. Such manipulation leads to sandbox issue.

This vulnerability is referenced as CVE-2026-9368. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More