CVE-2026-7396

MEDIUM

NousResearch hermes-agent WeChat Work Platform Adapter wecom.py path traversal

Title source: cna

Description

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

References (6)

[Vdb Entry] https://vuldb.com/vuln/360120

[Signature, Permissions Required] https://vuldb.com/vuln/360120/cti

[Third Party Advisory] https://vuldb.com/submit/803269

[Exploit] https://github.com/NousResearch/hermes-agent/issues/8733

[Issue Tracking] https://github.com/bugmaker2/hermes-agent/issues/29

[Product] https://github.com/NousResearch/hermes-agent/

Scores

CVSS v3 5.3

EPSS 0.0005

EPSS Percentile 14.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

NousResearch/hermes-agent 0.8.0

Published Apr 29, 2026

Tracked Since Apr 29, 2026