Vulnerabilities ›

CVE-2026-7396

Medium

CWE-22 — Weakness Type

                    Published: Apr 29, 2026                      ·  Modified: May 2, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

🤖 AI Executive Summary

A path traversal vulnerability exists in NousResearch hermes-agent 0.8.0's WeChat Work Platform Adapter that allows remote attackers to access unauthorized files. The vulnerability is in the gateway/platforms/wecom.py file and has publicly available exploits.

📄 Description (Arabic)

تم تحديد ثغرة اجتياز مسار في NousResearch hermes-agent 0.8.0 في ملف gateway/platforms/wecom.py الخاص بمحول منصة WeChat Work. تسمح هذه الثغرة للمهاجمين بالوصول عن بعد إلى ملفات غير مصرح بها على النظام. يتوفر استغلال عام للثغرة مما يزيد من خطورتها.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 04:00

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

telecom government

🎯 MITRE ATT&CK Techniques

T1083 T1190

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade NousResearch hermes-agent to version 0.8.1 or later. Implement input validation and sanitization for file path parameters. Apply principle of least privilege to restrict file system access. Monitor and log all file access attempts through the WeChat Work adapter.

🔧 خطوات المعالجة (العربية)

قم بترقية NousResearch hermes-agent إلى الإصدار 0.8.1 أو أحدث. قم بتنفيذ التحقق من صحة المدخلات وتنظيفها لمعاملات مسار الملف. طبق مبدأ أقل امتياز لتقييد الوصول إلى نظام الملفات. راقب وسجل جميع محاولات الوصول إلى الملفات من خلال محول WeChat Work.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

2.1.1 2.1.2

🔵 SAMA CSF

AC-3 SI-10

🟡 ISO 27001:2022

A.6.1.2 A.14.2.1

🔗 References & Sources 6

🔗

https://github.com/NousResearch/hermes-agent/

cna@vuldb.com

🔗

https://github.com/NousResearch/hermes-agent/issues/8733

cna@vuldb.com

🔗

https://github.com/bugmaker2/hermes-agent/issues/29

cna@vuldb.com

🔗

https://vuldb.com/submit/803269

cna@vuldb.com

🔗

https://vuldb.com/vuln/360120

cna@vuldb.com

🔗

https://vuldb.com/vuln/360120/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-22

EPSS0.06%

Exploit No

Patch ✗ No

Published 2026-04-29

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-22

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-7396

Introduce Yourself

Sign In Required