CVE-2026-7113
MEDIUMNousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication
Title source: cnaDescription
A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument _INSECURE_NO_AUTH results in missing authentication. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitation is known to be difficult. The exploit has been made public and could be used. The project was informed of the problem early through a pull request but has not reacted yet.
References (6)
Scores
CVSS v3
5.6
EPSS
0.0007
EPSS Percentile
21.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-287
CWE-306
Status
published
Products (1)
NousResearch/hermes-agent
0.8.0
Published
Apr 27, 2026
Tracked Since
Apr 27, 2026