CVE-2026-49958 | nesquena hermes-webui up to 0.51.302 api/workspace_git.py safe_resolve_ws toctou

A vulnerability categorized as problematic has been discovered in nesquena hermes-webui up to 0.51.302. Affected is the function safe_resolve_ws of the file api/workspace_git.py. Executing a manipulation can lead to time-of-check time-of-use.

The identification of this vulnerability is CVE-2026-49958. The attack can only be executed locally. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More