CVE-2026-49973 | nesquena hermes-webui up to 0.51.357 Settings API Endpoint _set_password missing authentication

A vulnerability marked as critical has been reported in nesquena hermes-webui up to 0.51.357. The affected element is an unknown function of the component Settings API Endpoint. The manipulation of the argument _set_password leads to missing authentication.

This vulnerability is traded as CVE-2026-49973. It is possible to initiate the attack remotely. There is no exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More