Authorization Bypass in Hermes WebUI Affects Multiple User Profiles
CVE-2026-53871

8.6HIGH

Key Information:

Vendor: Nesquena
Status: Hermes-webui
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-53871?

Hermes WebUI before version 0.51.368 is susceptible to an authorization bypass due to a flaw in the get_profile_cookie() function. This vulnerability enables an attacker to exploit the system by sending a forged hermes_profile cookie. As a result, an authenticated attacker can bypass crucial profile-scoped authorization checks, granting them unauthorized access to user sessions, files, and resources across various profiles. This issue poses a serious risk by allowing an attacker to compromise isolated user data and functionalities.

Affected Version(s)

hermes-webui 0 < 0.51.368

hermes-webui 0.51.368

References

https://github.com/nesquena/hermes-webui/releases/tag/v0....

release-notes

https://github.com/nesquena/hermes-webui/pull/4023

technical-description

https://github.com/nesquena/hermes-webui/pull/4036

issue-tracking

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Jun 10, 2026

Credit

Chia Min Jun Lennon

CVE-2026-53871 Data

JSON

Nesquena

What is CVE-2026-53871?

Affected Version(s)

References

CVSS V4

Timeline

Credit