CVE-2026-10223

MEDIUM

NousResearch hermes-agent memory_tool.py _scan_memory_content injection

Title source: cna

Description

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Core 5

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-367502 | NousResearch hermes-agent memory_tool.py _scan_memory_content injection

https://vuldb.com/vuln/367502

Signature, Permissions Required signature permissions-required

VDB-367502 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/367502/cti

Third Party Advisory third-party-advisory

CVE-2026-10223 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-10223

Third Party Advisory third-party-advisory

Submit #822021 | NousResearch hermes-agent <= v2026.4.30 Injection (CWE-74)

https://vuldb.com/submit/822021

Exploit exploit

https://gist.github.com/YLChen-007/a1fb77ad2488c545a35d0f66356ea7b4

Scores

CVSS v3 6.3

EPSS 0.0023

EPSS Percentile 13.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-707 CWE-74

Status published

Products (31)

NousResearch/hermes-agent 2026.4.0

NousResearch/hermes-agent 2026.4.1

NousResearch/hermes-agent 2026.4.10

NousResearch/hermes-agent 2026.4.11

NousResearch/hermes-agent 2026.4.12

NousResearch/hermes-agent 2026.4.13

NousResearch/hermes-agent 2026.4.14

NousResearch/hermes-agent 2026.4.15

NousResearch/hermes-agent 2026.4.16

NousResearch/hermes-agent 2026.4.17

... and 21 more

Published Jun 01, 2026

Tracked Since Jun 01, 2026