Authentication Bypass in Hermes WebUI by nesquena
CVE-2026-58122
9.3CRITICAL
What is CVE-2026-58122?
Hermes WebUI prior to version 0.51.307 is susceptible to an authentication bypass vulnerability that enables unauthorized remote attackers to circumvent local-origin IP restrictions on onboarding endpoints. By manipulating the X-Forwarded-For header with a loopback address, attackers can exploit this issue to execute server-side request forgery against sensitive internal services. This exploitation can lead to the compromise of cloud metadata endpoints, unauthorized changes to LLM provider configurations, and retrieval of persistent access tokens from stored auth.json files, all of which pose significant security risks.
Affected Version(s)
hermes-webui 0
