Remote Code Execution Vulnerability in NousResearch Hermes-Agent
CVE-2026-14625
Key Information:
- Vendor: NousResearch
- CVE Published: 4 July 2026
What is CVE-2026-14625?
A security flaw has been identified in NousResearch hermes-agent, affecting versions up to 0.15.2. The vulnerability lies in the shell.exec function in the tui_gateway/server.py file, where a protection mechanism fails. The flaw allows attackers to execute commands remotely, posing a significant risk. An exploit leveraging this vulnerability has been made public, which increases the urgency for organizations using the affected product to implement mitigation measures promptly. Despite early notification, NousResearch has not responded to this disclosure, raising concerns regarding the product's security management.
Affected Version(s)
hermes-agent 0.15.0
hermes-agent 0.15.1
hermes-agent 0.15.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved
