What is CVE-2026-11322?

CVE-2026-11322 is a medium-severity vulnerability in Nesquena Hermes Webui, classified under Improper Link Resolution Before File Access. CVSS score: 6.5/10. Published 2026-06-04.

How severe is CVE-2026-11322?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Nesquena Hermes Webui

CVE-2026-11322

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can…

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Nesquena Hermes Webui — versions 0

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

disclosure@vulncheck.com (patch)
disclosure@vulncheck.com (technical-description)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-11322?: CVE-2026-11322 is a medium-severity vulnerability in Nesquena Hermes Webui, classified under Improper Link Resolution Before File Access. CVSS score: 6.5/10. Published 2026-06-04.
How severe is CVE-2026-11322?: Medium severity. CVSS v3 base score is 6.5 out of 10.