All 3 CVE vulnerabilities found in hermes-webui, with AI-generated Chinese analysis, references, and POCs.
Vendor: nesquena
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6832 | Nesquena Hermes WebUI Arbitrary File Deletion via Unvalidated session_id CWE-22 | 8.1 | High | 2026-04-21 |
| CVE-2026-6830 | Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch CWE-668 | 3.3 | Low | 2026-04-21 |
| CVE-2026-6829 | nesquena hermes-webui Arbitrary Workspace Directory Access CWE-22 | 6.3 | Medium | 2026-04-21 |
All 3 known CVE vulnerabilities affecting hermes-webui with full Chinese analysis, references, and POCs where available.