CVE-2026-22677

Summary

Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in the workspace field and subsequently use relative paths in the session file API to access any file readable by the WebUI process.

Affected Software

VendorProductVersion RangeStatus
nesquenahermes-webui0 < 0.51.44affected
nesquenahermes-webuif00cb74f776f22f02f5eb6b39dfb389f87cc7fd3unaffected

Weaknesses

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References