CVE-2026-10548 | NousResearch hermes-agent up to 2026.4.23 Credential Pool Synchronization agent/credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication

A vulnerability was found in NousResearch hermes-agent up to 2026.4.23 and classified as critical. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication.

This vulnerability is cataloged as CVE-2026-10548. The attack must be initiated from a local position. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More