What is CVE-2026-49955?

CVE-2026-49955 is a medium-severity vulnerability, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 5.3/10. Published 2026-06-09.

How severe is CVE-2026-49955?

Medium severity. CVSS v3 base score is 5.3 out of 10.

CVE-2026-49955

CVE-2026-49955

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion…

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com

Frequently asked questions

What is CVE-2026-49955?: CVE-2026-49955 is a medium-severity vulnerability, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 5.3/10. Published 2026-06-09.
How severe is CVE-2026-49955?: Medium severity. CVSS v3 base score is 5.3 out of 10.