CVE-2026-58123
CRITICALHermes WebUI < 0.51.788 Unauthenticated RCE via Terminal API
Title source: cnaDescription
Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitrary commands through the terminal input endpoint to achieve full command execution as the server process user via four sequential unauthenticated HTTP requests.
References (4)
Core 4
Core References
Release Notes release-notes
Release Notes
https://github.com/nesquena/hermes-webui/releases/tag/v0.51.788
Patch patch
Patch Commit
https://github.com/nesquena/hermes-webui/commit/d257e5f36cfa9328600c8bde6f0de09a6ad9b6f4
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/hermes-webui-unauthenticated-rce-via-terminal-api
Scores
CVSS v3
9.8
EPSS
0.0093
EPSS Percentile
56.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (1)
nesquena/hermes-webui
< 0.51.788
Published
Jul 09, 2026
Tracked Since
Jul 10, 2026