📄 Description (English)
A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function _is_blocked_device of the file tools/file_tools.py of the component read_file Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
🤖 AI Executive Summary
CVE-2026-9351 is a path traversal vulnerability in NousResearch hermes-agent affecting the read_file tool's _is_blocked_device function. With a CVSS score of 6.5 (medium), this flaw allows remote attackers to bypass file access restrictions and read arbitrary files on affected systems. The vulnerability is particularly concerning as exploit code is publicly available and the vendor has not responded to disclosure attempts.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 26, 2026 17:17
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi organizations utilizing AI/ML development frameworks, particularly: (1) Government AI initiatives and digital transformation projects under NCA oversight; (2) Banking sector institutions developing AI-driven financial services and analytics platforms; (3) Telecommunications companies (STC, Mobily) implementing AI-based network management and customer service tools; (4) Energy sector (ARAMCO, SEC) using AI for operational technology and data analysis; (5) Healthcare institutions deploying AI diagnostic and administrative systems. The path traversal vulnerability could expose sensitive data including financial records, personal information, operational parameters, and classified government documents.
🏢 Affected Saudi Sectors
Government and Digital Transformation
Banking and Financial Services
Telecommunications
Energy and Oil & Gas
Healthcare
Research and Development
Artificial Intelligence and Machine Learning Development
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all systems running NousResearch hermes-agent versions up to 2026.4.16
2. Isolate affected systems from production environments if possible
3. Review access logs for suspicious file read attempts targeting sensitive directories
4. Implement network segmentation to restrict hermes-agent component access
Patching Guidance:
1. Contact NousResearch for security updates or migrate to alternative AI agent frameworks
2. If upgrade unavailable, apply input validation patches to _is_blocked_device function
3. Implement strict path canonicalization before file operations
Compensating Controls:
1. Deploy Web Application Firewall (WAF) rules to detect path traversal patterns (../, ..\, encoded variants)
2. Implement file system access controls using principle of least privilege
3. Run hermes-agent with minimal file system permissions
4. Enable comprehensive audit logging for all file access attempts
5. Deploy SIEM rules to alert on suspicious file read patterns
Detection Rules:
1. Monitor for requests containing path traversal sequences: ../, ..\ , %2e%2e, unicode variants
2. Alert on file access attempts outside designated application directories
3. Track failed file access attempts followed by successful reads
4. Monitor for access to sensitive files: /etc/passwd, /etc/shadow, configuration files, database credentials
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع الأنظمة التي تقوم بتشغيل NousResearch hermes-agent الإصدارات حتى 2026.4.16
2. عزل الأنظمة المتأثرة عن بيئات الإنتاج إن أمكن
3. مراجعة سجلات الوصول للكشف عن محاولات قراءة ملفات مريبة تستهدف الدلائل الحساسة
4. تنفيذ تقسيم الشبكة لتقييد وصول مكون hermes-agent
إرشادات التصحيح:
1. الاتصال بـ NousResearch للحصول على تحديثات أمان أو الهجرة إلى أطر عمل بديلة
2. إذا لم يكن الترقية متاحة، تطبيق تصحيحات التحقق من الإدخال على وظيفة _is_blocked_device
3. تنفيذ تطبيع المسار الصارم قبل عمليات الملفات
الضوابط البديلة:
1. نشر قواعد جدار حماية تطبيقات الويب للكشف عن أنماط اجتياز المسار
2. تنفيذ ضوابط الوصول إلى نظام الملفات باستخدام مبدأ الامتياز الأدنى
3. تشغيل hermes-agent بأذونات نظام ملفات محدودة
4. تفعيل تسجيل التدقيق الشامل لجميع محاولات الوصول إلى الملفات
5. نشر قواعد SIEM للتنبيه على أنماط قراءة الملفات المريبة
قواعد الكشف:
1. مراقبة الطلبات التي تحتوي على تسلسلات اجتياز المسار
2. التنبيه على محاولات الوصول إلى الملفات خارج دلائل التطبيق المخصصة
3. تتبع محاولات الوصول الفاشلة متبوعة بقراءات ناجحة
4. مراقبة الوصول إلى الملفات الحساسة والملفات الحساسة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Information Security Policies and Procedures
ECC 2024 A.6.1.1 - Access Control and Authentication
ECC 2024 A.8.2.1 - System Hardening and Configuration Management
ECC 2024 A.12.2.1 - Change Management and Patch Management
🔵 SAMA CSF
SAMA CSF ID.AM-2 - Software and Hardware Inventory
SAMA CSF PR.AC-1 - Access Control and Authentication
SAMA CSF PR.PT-2 - System and Information Integrity
SAMA CSF DE.CM-1 - System Monitoring and Anomaly Detection
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access Control
ISO 27001:2022 A.8.1 - User Endpoint Devices
ISO 27001:2022 A.8.22 - Monitoring
ISO 27001:2022 A.12.6.1 - Management of Technical Vulnerabilities
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security Patch Management
PCI DSS 7.1 - Limit Access to System Components
PCI DSS 10.2 - Implement Automated Audit Trails