CVE Catalog

CVE-2026-22677

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile - higher than 30% of all known CVEs

Summary

Hermes WebUI prior to version 0.51.44 contains a path traversal vulnerability in the session import endpoint. Authenticated attackers can read arbitrary files by importing a crafted session with an unrestricted workspace value.

Risk Assessment

Attackers can access sensitive system files, configuration files, or user data, potentially leading to information disclosure and privilege escalation.

Recommendation

Immediately upgrade Hermes WebUI to version 0.51.44 or later. Additionally, restrict WebUI process permissions and implement path validation mechanisms.

Original NVD description (English source)

Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in the workspace field and subsequently use relative paths in the session file API to access any file readable by the WebUI process.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS