What is CVE-2026-6829?

CVE-2026-6829 is a medium-severity vulnerability in Nesquena Hermes-webui, classified under Path Traversal. CVSS score: 6.3/10. Published 2026-04-21.

How severe is CVE-2026-6829?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Path Traversal in Nesquena Hermes-webui

CVE-2026-6829

nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoint…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.000 (11.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Nesquena Hermes-webui — versions 0

Weakness classification (CWE)

CWE-22 — Path Traversal

References

Pull Request (related)
Patch Commit (patch)
Release Notes (release-notes)
www.vulncheck.com/advisories/nesquena-hermes-webui-arbitrary-workspace-director… (third-party-advisory)

Frequently asked questions

What is CVE-2026-6829?: CVE-2026-6829 is a medium-severity vulnerability in Nesquena Hermes-webui, classified under Path Traversal. CVSS score: 6.3/10. Published 2026-04-21.
How severe is CVE-2026-6829?: Medium severity. CVSS v3 base score is 6.3 out of 10.