CVE-2026-14628

MEDIUM

NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-14628. PoCs published by MESLIMOHAMEDM22005188.

AI-analyzed exploit summary This repository provides a technical demonstration of the path traversal vulnerability (CWE-22) in CVE-2026-14628, including a vulnerable example (naive path concatenation) and a secure fix (input validation + absolute path verification). The analysis explains the root cause, patch diff, and defensive techniques in depth.

Description

A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract_media of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

github WRITEUP
by MESLIMOHAMEDM22005188 · pythonpoc
https://github.com/MESLIMOHAMEDM22005188/path-traversal-CVE-2026-14628

This repository provides a technical demonstration of the path traversal vulnerability (CWE-22) in CVE-2026-14628, including a vulnerable example (naive path concatenation) and a secure fix (input validation + absolute path verification). The analysis explains the root cause, patch diff, and defensive techniques in depth.

Classification
Writeup 99%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: NousResearch hermes-agent (< 2026.5.16)
No auth needed
Prerequisites: User-controlled filename input to the vulnerable `extract_media` function
mistral-large-3 · analyzed Jul 06, 2026 Full analysis →

References (5)

Core 5
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-376144 | NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal
https://vuldb.com/vuln/376144
Signature, Permissions Required signature permissions-required
VDB-376144 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/376144/cti
Third Party Advisory third-party-advisory
CVE-2026-14628 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-14628
Third Party Advisory third-party-advisory
Submit #845599 | NousResearch Hermes Agent <= v2026.5.16 Path Traversal / Improper Limitation of a Pathname to a Restricted Directory (CWE-22)
https://vuldb.com/submit/845599

Scores

CVSS v3 5.3
EPSS 0.0055
EPSS Percentile 42.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (17)
NousResearch/hermes-agent 2026.5.0
NousResearch/hermes-agent 2026.5.1
NousResearch/hermes-agent 2026.5.10
NousResearch/hermes-agent 2026.5.11
NousResearch/hermes-agent 2026.5.12
NousResearch/hermes-agent 2026.5.13
NousResearch/hermes-agent 2026.5.14
NousResearch/hermes-agent 2026.5.15
NousResearch/hermes-agent 2026.5.16
NousResearch/hermes-agent 2026.5.2
... and 7 more
Published Jul 04, 2026
Tracked Since Jul 04, 2026