CVE-2026-53870
Severity: MEDIUM
Hermes Agent < 0.16.0 - World-Readable Store Files Expose Secrets
Title source: manual

Description
Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversation history and HMAC secrets to local users. Any local account with filesystem access to the install (no elevated privileges are needed; the CVSS vector rates it PR:L) can read these files directly and obtain conversation history, tool payloads, prompts, and the per-route HMAC secrets.
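As an added illustration (not code from Hermes Agent or from the linked patch commit), the block below puts the defective file-creation pattern next to a hardened form and adds the permission audit an operator would run against an existing install. Only the two file names come from the advisory; the function names, the placeholder file content, the simulated 022 umask and the POSIX-only calls (os.fchmod, mode bits) are assumptions of this example.

```python
import os
import stat
import tempfile

# The two store files named in the advisory.
STORE_FILES = ("response_store.db", "webhook_subscriptions.json")

# Placeholder content constructed for this example. The real files hold an
# SQLite database and JSON carrying per-route HMAC secrets; only the mode
# bits matter here.
SAMPLE_CONTENT = '{"routes": {"/hook/example": {"hmac_secret": "not-a-real-secret"}}}\n'


def write_store_default(path: str, data: str) -> None:
    """Vulnerable pattern: a plain open() requests 0o666 and lets the process
    umask trim it. Under the common 022 umask the file lands as 0o644, readable
    by every local account on the host."""
    with open(path, "w", encoding="utf-8") as f:
        f.write(data)


def write_store_private(path: str, data: str) -> None:
    """Hardened pattern: request 0o600 in the creating open() call itself, so the
    file never exists with looser bits (create-then-chmod leaves a window in
    which another user can open it). The mode argument only applies when the
    file is actually created, so a pre-existing 0o644 file is tightened with
    fchmod on the open descriptor as well. POSIX only (assumption)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        os.fchmod(f.fileno(), 0o600)
        f.write(data)


def audit_store_dir(directory: str) -> dict:
    """Operator check for an existing install: return {name: octal mode} for
    every store file that group or others can read. An empty dict means clean."""
    findings = {}
    for name in STORE_FILES:
        path = os.path.join(directory, name)
        if not os.path.exists(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            findings[name] = oct(mode)
    return findings


def demo() -> dict:
    """Create both files the vulnerable way under a simulated 022 umask, audit,
    rewrite them the hardened way, audit again. Returns both audit results."""
    old_umask = os.umask(0o022)  # simulate the typical default umask (assumption)
    try:
        with tempfile.TemporaryDirectory() as d:
            for name in STORE_FILES:
                write_store_default(os.path.join(d, name), SAMPLE_CONTENT)
            before = audit_store_dir(d)
            for name in STORE_FILES:
                write_store_private(os.path.join(d, name), SAMPLE_CONTENT)
            after = audit_store_dir(d)
            return {"before": before, "after": after}
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print(demo())
```

Two caveats for anyone applying this to a real install. First, tightening the creation mode does nothing for files that already exist from an earlier version; run the audit (or an equivalent find -perm check) and chmod 600 anything it flags, then rotate the HMAC secrets that were exposed, since a local reader may already have copied them. Second, a library that opens its own file, such as the sqlite3 module creating response_store.db, offers no mode argument; on POSIX you get the same effect by setting a restrictive umask (0o077) around the call that creates the database, or by pre-creating the empty file with 0o600 before the library opens it.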
References (5)
Release Notes: https://github.com/NousResearch/hermes-agent/releases/tag/v2026.6.5
Issue Tracking (Researcher Pull Request): https://github.com/NousResearch/hermes-agent/pull/30917
Issue Tracking (Maintainer Pull Request): https://github.com/NousResearch/hermes-agent/pull/31469
Patch (Patch Commit): https://github.com/NousResearch/hermes-agent/commit/3bace071bfadf2d2bec2ee048471a31ec920e3e8
Third Party Advisory: https://www.vulncheck.com/advisories/hermes-agent-sensitive-file-permission-vulnerability-in-store-files
Scores
CVSS v3.1 base score: 5.5 (Medium)
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: LOCAL
EPSS: 0.0011 (percentile 1.4%)
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-276 (Incorrect Default Permissions)
Status: published
Products (3)
NousResearch/hermes-agent: < 0.16.0
NousResearch/hermes-agent: 0.16.0
pypi/hermes-agent (PyPI): 0 - 0.16.0
Published: Jun 17, 2026
Tracked Since: Jun 18, 2026