Authentication Bypass in Hermes WebUI by nesquena
CVE-2026-58122

9.3CRITICAL

Key Information:

Vendor

Nesquena

Vendor
CVE Published:
9 July 2026

What is CVE-2026-58122?

Hermes WebUI prior to version 0.51.307 is susceptible to an authentication bypass vulnerability that enables unauthorized remote attackers to circumvent local-origin IP restrictions on onboarding endpoints. By manipulating the X-Forwarded-For header with a loopback address, attackers can exploit this issue to execute server-side request forgery against sensitive internal services. This exploitation can lead to the compromise of cloud metadata endpoints, unauthorized changes to LLM provider configurations, and retrieval of persistent access tokens from stored auth.json files, all of which pose significant security risks.

Affected Version(s)

hermes-webui 0

References

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

fantasticsquirrel
.