Nesquena Hermes-webui
4 CVEs affecting Nesquena Hermes-webui. Latest disclosed: 2026-05-13. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-6832 | High | 8.1 | 2026-04-21 | Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside… |
CVE-2026-22677 | Medium | 6.5 | 2026-05-13 | Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary file… |
CVE-2026-6829 | Medium | 6.3 | 2026-04-21 | nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary… |
CVE-2026-6830 | Low | 3.3 | 2026-04-21 | nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously a… |