CVE-2026-6829

Sažetak

nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update, /api/chat/start, and /api/workspaces/add. Attackers can repoint a session workspace to a directory outside the intended trusted root and then use ordinary file read and write APIs to access or modify files outside the intended workspace boundary within the permissions of the hermes-webui process.

Reference

https://github.com/nesquena/hermes-webui/commit/2a7a5ddfaf39e3b0094b7ac37e9f1dbcf40a3918
https://github.com/nesquena/hermes-webui/pull/416
https://github.com/nesquena/hermes-webui/releases/tag/v0.50.34
https://www.vulncheck.com/advisories/nesquena-hermes-webui-arbitrary-workspace-directory-access

CVSS

Base:	6.3
Impact:	3.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	LOW

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Zadnje važnije ažuriranje

21-04-2026 - 22:16

Objavljeno

21-04-2026 - 22:16