CVE-2026-9369 | NousResearch hermes-agent 2026.4.23 CLI web-dashboard Interface hermes_cli/web_server.py _discover_dashboard_plugins HERMES_ENABLE_PROJECT_PLUGINS comparison

May 23, 2026 Yanac

A vulnerability, which was classified as problematic, has been found in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMES_ENABLE_PROJECT_PLUGINS results in incorrect comparison.

This vulnerability is identified as CVE-2026-9369. The attack is only possible with local access. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More