Cross-Profile Authorization Bypass in Hermes WebUI by Nesquena
CVE-2026-58174

6MEDIUM

Key Information:

Vendor

Nesquena

Status
Hermes-webui
Vendor
CVE Published:
30 June 2026

What is CVE-2026-58174?

The vulnerability in Hermes WebUI allows unauthorized access to user data due to improper session handling. When a session is imported, the system fails to assign a valid profile, resulting in a null profile value. This oversight permits users on the default profile to export session transcripts, potentially gaining access to sensitive files from other profiles. This jeopardizes the application’s intended profile isolation, leading to significant security implications for users.

Affected Version(s)

hermes-webui 0 < 0.51.521

References

https://github.com/nesquena/hermes-webui/releases/tag/v0....
release-notes
https://github.com/nesquena/hermes-webui/pull/4489
technical-description
https://github.com/nesquena/hermes-webui/pull/4506
issue-tracking

CVSS V4

Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chia Min Jun Lennon
.