CVE-2026-22677
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk30th percentile - higher than 30% of all known CVEs
Summary
Hermes WebUI prior to version 0.51.44 contains a path traversal vulnerability in the session import endpoint. Authenticated attackers can read arbitrary files by importing a crafted session with an unrestricted workspace value.
Risk Assessment
Attackers can access sensitive system files, configuration files, or user data, potentially leading to information disclosure and privilege escalation.
Recommendation
Immediately upgrade Hermes WebUI to version 0.51.44 or later. Additionally, restrict WebUI process permissions and implement path validation mechanisms.
Original NVD description (English source)
Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in the workspace field and subsequently use relative paths in the session file API to access any file readable by the WebUI process.

