Authorization Bypass Vulnerability in Hermes WebUI Product by Nesquena
CVE-2026-55198
7.1 HIGH
What is CVE-2026-55198?
Hermes WebUI versions prior to 0.51.443 contain an authorization bypass vulnerability in the session export endpoint. The _handle_session_export function does not adequately verify profile ownership, so an authenticated user who knows or guesses a session identifier can access session data belonging to other user profiles and potentially exfiltrate sensitive session transcripts. This poses a significant risk, as it undermines user privacy and data integrity.
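The missing profile-ownership check described above, as an added example (not code from hermes-webui or from this advisory): the function names, data model and sample sessions are hypothetical and constructed. It places the flawed lookup beside a hardened one that binds the session to the caller's profile.

```python
# Added illustration: names and data model are hypothetical, not hermes-webui code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    session_id: str
    profile: str          # profile that owns the session
    transcript: str


class ExportDenied(Exception):
    """Raised for both 'no such session' and 'not your session'."""


# Constructed sample data.
SESSIONS = {
    "s-1001": Session("s-1001", "alice", "alice: rotate the staging key"),
    "s-1002": Session("s-1002", "bob", "bob: draft of incident notes"),
}


def export_unchecked(store, session_id):
    """Flawed pattern: any authenticated caller gets any session by id."""
    session = store.get(session_id)
    if session is None:
        raise ExportDenied("session not found")
    return session.transcript


def export_checked(store, session_id, active_profile):
    """Hardened pattern: the session must belong to the caller's profile.

    Missing and foreign sessions produce the same error, so the endpoint
    does not confirm which identifiers exist in other profiles.
    """
    session = store.get(session_id)
    if session is None or session.profile != active_profile:
        raise ExportDenied("session not found")
    return session.transcript


def try_export(fn, *args):
    """Return (ok, result_or_error_text) so outcomes are easy to compare."""
    try:
        return True, fn(*args)
    except ExportDenied as exc:
        return False, str(exc)
```

A regression test for a fix of this kind should cover three cases: own session, another profile's session, and a nonexistent identifier, with the last two indistinguishable to the caller.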
Affected Version(s)
hermes-webui 0 < 0.51.443
hermes-webui 0.51.443
