📄 Description (English)
A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
🤖 AI Executive Summary
CVE-2026-10223 is a medium-severity injection vulnerability in NousResearch hermes-agent affecting the memory scanning functionality. The vulnerability allows remote attackers to inject malicious code through the _scan_memory_content function, potentially leading to unauthorized data access or system compromise. With public exploit availability and no vendor patch, immediate mitigation is required for organizations using this agent framework.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Jun 1, 2026 10:10
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations utilizing AI/ML frameworks for automation and data processing, particularly in: (1) Financial Technology sector (fintech companies, digital banking platforms under SAMA oversight) - risk of unauthorized access to sensitive financial data; (2) Government digital transformation initiatives (NCA-regulated entities) - potential compromise of automated systems and data pipelines; (3) Healthcare institutions - risk to patient data processing systems; (4) Energy sector (ARAMCO and subsidiaries) - threat to operational technology automation systems. The lack of vendor response increases risk exposure for all affected organizations.
🏢 Affected Saudi Sectors
Financial Technology & Banking
Government & Public Administration
Healthcare
Energy & Utilities
Telecommunications
Artificial Intelligence & Automation Services
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
6.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Inventory all systems running NousResearch hermes-agent versions up to 2026.4.30
2. Isolate affected systems from production networks if possible, or implement network segmentation
3. Review access logs for suspicious memory scanning activities or injection attempts
4. Disable the memory_tool.py functionality if not critical to operations
MITIGATION CONTROLS:
5. Implement input validation and sanitization for all memory scanning operations
6. Apply Web Application Firewall (WAF) rules to detect injection patterns (SQL, command, code injection signatures)
7. Restrict network access to hermes-agent services using firewall rules and network ACLs
8. Enable comprehensive logging and monitoring of _scan_memory_content function calls
DETECTION RULES:
9. Monitor for unusual process execution spawned from hermes-agent processes
10. Alert on memory access patterns deviating from baseline behavior
11. Track failed and successful injection attempts in application logs
12. Implement SIEM rules for CWE-74 injection attack signatures
PATCHING:
13. Contact NousResearch for security updates or consider alternative frameworks
14. Evaluate migration to patched versions or alternative AI agent solutions
15. Establish vendor communication protocol for future security disclosures
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حصر جميع الأنظمة التي تعمل بإصدارات NousResearch hermes-agent حتى 2026.4.30
2. عزل الأنظمة المتأثرة عن شبكات الإنتاج إن أمكن، أو تطبيق تقسيم الشبكة
3. مراجعة سجلات الوصول للأنشطة المريبة في مسح الذاكرة أو محاولات الحقن
4. تعطيل وظيفة memory_tool.py إذا لم تكن حرجة للعمليات
ضوابط التخفيف:
5. تطبيق التحقق من صحة المدخلات والتطهير لجميع عمليات مسح الذاكرة
6. تطبيق قواعد جدار الحماية (WAF) للكشف عن أنماط الحقن
7. تقييد الوصول إلى خدمات hermes-agent باستخدام قواعد جدار الحماية وقوائم التحكم بالوصول
8. تفعيل السجلات الشاملة ومراقبة استدعاءات دالة _scan_memory_content
قواعد الكشف:
9. مراقبة تنفيذ العمليات غير العادية من عمليات hermes-agent
10. التنبيه على أنماط الوصول إلى الذاكرة التي تنحرف عن السلوك الأساسي
11. تتبع محاولات الحقن الفاشلة والناجحة في سجلات التطبيق
12. تطبيق قواعد SIEM للكشف عن توقيعات هجمات CWE-74
التصحيح:
13. التواصل مع NousResearch للحصول على تحديثات أمان أو النظر في أطر عمل بديلة
14. تقييم الترقية إلى إصدارات مصححة أو حلول وكيل ذكاء اصطناعي بديلة
15. إنشاء بروتوكول اتصال البائع لعمليات الكشف عن الثغرات الأمنية في المستقبل
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.14.2.1 - Information security requirements in supplier relationships
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.12.2.1 - Establishment of information security baselines
🔵 SAMA CSF
SAMA CSF ID.RA-1 - Asset Management and Risk Assessment
SAMA CSF PR.DS-6 - Data Protection and Privacy
SAMA CSF DE.CM-1 - Detection and Analysis
🟡 ISO 27001:2022
ISO 27001:2022 A.12.2.1 - Implementation of secure development policy
ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities
ISO 27001:2022 A.14.2.1 - Supplier security requirements
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security patches and updates
PCI DSS 6.5.1 - Injection flaws prevention
🔗 References & Sources 5