Vulnerabilities ›

CVE-2026-9352

Medium

CWE-200 — Weakness Type

                    Published: May 24, 2026                      ·  Modified: May 27, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function _make_run_env of the file tools/environments/local.py of the component Messaging Gateway Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-9352 is an information disclosure vulnerability in NousResearch hermes-agent up to version 2026.4.23, affecting the _make_run_env function in the Messaging Gateway Handler component. The vulnerability allows remote attackers to manipulate the function and expose sensitive information, with public exploits already available.

📄 Description (Arabic)

يؤثر هذا الضعف على مكون معالج بوابة الرسائل في hermes-agent حيث يمكن للمهاجمين البعيدين التلاعب بدالة _make_run_env لكشف المعلومات الحساسة. تم إتاحة استغلال عام للجمهور مما يزيد من خطر الهجمات الفعلية. لم يستجب البائع لمحاولات الإفصاح المبكرة.

🤖 ملخص تنفيذي (AI)

A vulnerability in NousResearch hermes-agent versions up to 2026.4.23 allows remote information disclosure through manipulation of the _make_run_env function in the Messaging Gateway Handler. Public exploits are available and the vendor has not responded to disclosure attempts.

🤖 AI Intelligence Analysis Analyzed: May 29, 2026 06:41

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

telecom government banking

🎯 MITRE ATT&CK Techniques

T1040 T1020

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Update NousResearch hermes-agent to version 2026.4.24 or later immediately. Implement network segmentation to restrict access to the Messaging Gateway Handler component. Monitor for suspicious manipulation attempts targeting the _make_run_env function. Apply input validation and sanitization controls to prevent unauthorized function manipulation.

🔧 خطوات المعالجة (العربية)

قم بتحديث NousResearch hermes-agent إلى الإصدار 2026.4.24 أو أحدث فوراً. طبق تقسيم الشبكة لتقييد الوصول إلى مكون معالج بوابة الرسائل. راقب محاولات المعالجة المريبة التي تستهدف دالة _make_run_env. طبق عناصر التحقق من صحة الإدخال والتطهير لمنع المعالجة غير المصرح بها للدالة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.13.1.1

🔵 SAMA CSF

ID.RA-1 PR.DS-1

🟡 ISO 27001:2022

A.12.6.1 A.13.1.3

🔗 References & Sources 4

🔗

https://gist.github.com/YLChen-007/760b3940f708990e535214529c0c7a27

cna@vuldb.com

🔗

https://vuldb.com/submit/812215

cna@vuldb.com

🔗

https://vuldb.com/vuln/365315

cna@vuldb.com

🔗

https://vuldb.com/vuln/365315/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-200

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-05-24

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-200

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-9352

Introduce Yourself

Sign In Required