📄 Description (English)
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
🤖 AI Executive Summary
CVE-2026-9350 is a high-severity authorization bypass vulnerability in NousResearch hermes-agent affecting the Batch Runner component. The vulnerability in the check_all_command_guards function allows remote attackers to bypass authorization controls, potentially enabling unauthorized command execution. With no patch available and the vendor unresponsive, immediate compensating controls are critical for affected Saudi organizations.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 26, 2026 19:37
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi government agencies, research institutions, and technology companies utilizing hermes-agent for batch processing and automation. High-risk sectors include: (1) Government/NCA - potential unauthorized access to critical administrative systems; (2) Banking/SAMA - risk to automated transaction processing and financial systems; (3) Energy/ARAMCO - threat to operational technology and automation systems; (4) Healthcare - compromise of automated medical data processing; (5) Telecom/STC - risk to network automation and management systems. The authorization bypass could enable lateral movement and privilege escalation within critical infrastructure.
🏢 Affected Saudi Sectors
Government
Banking
Energy
Healthcare
Telecommunications
Research & Development
Technology Services
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Inventory all hermes-agent deployments across your organization, particularly those running versions up to 2026.4.16
2. Isolate affected systems from production networks if possible, or implement network segmentation
3. Enable comprehensive logging and monitoring of all Batch Runner activities
4. Review access logs for suspicious command execution patterns
COMPENSATING CONTROLS:
1. Implement network-level access controls restricting Batch Runner to authorized users/systems only
2. Deploy Web Application Firewall (WAF) rules to detect and block suspicious batch processing requests
3. Implement additional authentication layer (MFA) for Batch Runner access
4. Apply principle of least privilege - restrict service account permissions to minimum required
5. Monitor check_all_command_guards function calls for anomalies using SIEM
DETECTION RULES:
1. Alert on any Batch Runner API calls without proper authorization headers
2. Monitor for repeated failed authorization checks followed by successful command execution
3. Track unusual command patterns in batch jobs (e.g., system commands, file access outside normal scope)
4. Flag any direct function calls to check_all_command_guards with null/empty parameters
PATCHING STRATEGY:
1. Contact NousResearch for security updates or consider alternative solutions
2. Evaluate migration to patched versions when available
3. If no patch emerges, plan for system replacement or decommissioning
4. Maintain vendor communication for security advisories
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. قم بحصر جميع نشرات hermes-agent عبر مؤسستك، خاصة تلك التي تعمل بالإصدارات حتى 2026.4.16
2. عزل الأنظمة المتأثرة عن شبكات الإنتاج إن أمكن، أو تطبيق تقسيم الشبكة
3. تفعيل السجلات الشاملة ومراقبة جميع أنشطة Batch Runner
4. مراجعة سجلات الوصول للبحث عن أنماط تنفيذ أوامر مريبة
عناصر التحكم البديلة:
1. تطبيق عناصر التحكم في الوصول على مستوى الشبكة لتقييد Batch Runner للمستخدمين/الأنظمة المصرح بها فقط
2. نشر قواعد جدار الحماية (WAF) للكشف عن طلبات معالجة الدفعات المريبة وحجبها
3. تطبيق طبقة مصادقة إضافية (MFA) لوصول Batch Runner
4. تطبيق مبدأ أقل صلاحية - تقييد صلاحيات حساب الخدمة بالحد الأدنى المطلوب
5. مراقبة استدعاءات دالة check_all_command_guards للكشف عن الشذوذ باستخدام SIEM
قواعد الكشف:
1. تنبيه على أي استدعاءات Batch Runner API بدون رؤوس تفويض مناسبة
2. مراقبة فحوصات التفويض الفاشلة المتكررة متبوعة بتنفيذ أوامر ناجح
3. تتبع أنماط الأوامر غير العادية في وظائف الدفعات
4. وضع علامة على أي استدعاءات مباشرة لدالة check_all_command_guards بمعاملات فارغة/خالية
استراتيجية التصحيح:
1. التواصل مع NousResearch للحصول على تحديثات أمنية أو النظر في حلول بديلة
2. تقييم الترقية إلى إصدارات مصححة عند توفرها
3. إذا لم يظهر تصحيح، خطط لاستبدال النظام أو إيقافه
4. الحفاظ على التواصل مع البائع للحصول على تنبيهات الأمان
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information Security Policies and Procedures
A.6.1.1 - Access Control Policy
A.6.2.1 - User Registration and De-registration
A.6.2.2 - User Access Rights Review
A.9.2.1 - User Endpoint Devices
A.9.4.1 - Restriction of Access to Information
A.12.4.1 - Event Logging
A.12.4.3 - Administrator and Operator Logs
🔵 SAMA CSF
Governance & Risk Management - Authorization and Access Control
Information & Cybersecurity - Access Control and Authentication
Information & Cybersecurity - Audit Logging and Monitoring
Operational Resilience - Incident Detection and Response
🟡 ISO 27001:2022
5.3 - Access Control
5.15 - Authentication
5.16 - Authorization
8.3 - Protection of Personally Identifiable Information
8.4 - Cryptography
8.15 - Logging
🟣 PCI DSS v4.0.1
Requirement 2 - Default Security Parameters
Requirement 6 - Secure Development and Vulnerability Management
Requirement 7 - Restrict Access to Cardholder Data
Requirement 8 - Identify and Authenticate Access
Requirement 10 - Track and Monitor Access to Network Resources