Vulnerabilities ›

CVE-2026-9354

Medium

CWE-74 — Weakness Type

                    Published: May 24, 2026                      ·  Modified: May 27, 2026                      ·  Source: NVD                

CVSS v3

6.5

🔗 NVD Official

📄 Description (English)

A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument format_message results in escaping of output. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-9354 is a medium-severity output escaping vulnerability in NousResearch hermes-agent affecting Slack and Mattermost integrations. The vulnerability allows remote attackers to manipulate the format_message argument, potentially leading to injection attacks or information disclosure through improperly escaped output. With public exploit availability and no vendor patch, immediate mitigation is required for organizations using these chat integrations.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 26, 2026 17:16

🇸🇦 Saudi Arabia Impact Assessment

Saudi organizations using hermes-agent for Slack/Mattermost integrations face moderate risk, particularly in: Government agencies (NCA, CITC) using these platforms for internal communications; Banking sector (SAMA-regulated institutions) leveraging chat integrations for operational messaging; Telecom companies (STC, Mobily) utilizing agent-based automation; Healthcare organizations using collaborative platforms. The output escaping vulnerability could enable attackers to inject malicious content into chat messages, potentially compromising internal communications and enabling social engineering attacks.

🏢 Affected Saudi Sectors

Government Banking Telecommunications Healthcare Energy

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1566 - Phishing T1598 - Phishing for Information

⚖️ Saudi Risk Score (AI)

6.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify all instances of NousResearch hermes-agent version 2026.4.16 or earlier in your environment

2. Disable or isolate Slack/Mattermost Agent components until patching is available

3. Review chat logs for suspicious format_message manipulations or unusual output patterns

4. Implement input validation on all format_message parameters



Compensating Controls:

1. Deploy Web Application Firewall (WAF) rules to detect and block format_message injection attempts

2. Implement strict output encoding/escaping at the application layer for all chat integrations

3. Enable enhanced logging and monitoring for Slack/Mattermost agent activities

4. Restrict API access to hermes-agent components using network segmentation

5. Apply principle of least privilege to service accounts used by agents



Detection Rules:

1. Monitor for unusual characters or escape sequences in format_message parameters

2. Alert on format_message values containing HTML/XML tags or script content

3. Track failed message formatting attempts and subsequent error messages

4. Monitor for unexpected output in Slack/Mattermost channels from agent sources

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع نسخ NousResearch hermes-agent الإصدار 2026.4.16 أو الأقدم في بيئتك

2. تعطيل أو عزل مكونات Slack/Mattermost Agent حتى يتوفر التصحيح

3. مراجعة سجلات الدردشة للتحقق من معالجات format_message المريبة أو أنماط الإخراج غير المعتادة

4. تطبيق التحقق من صحة الإدخال على جميع معاملات format_message

الضوابط البديلة:

1. نشر قواعد جدار الحماية (WAF) للكشف عن محاولات حقن format_message وحجبها

2. تطبيق ترميز/هروب صارم للإخراج على مستوى التطبيق لجميع تكاملات الدردشة

3. تفعيل السجلات المحسّنة والمراقبة لأنشطة وكيل Slack/Mattermost

4. تقييد وصول API لمكونات hermes-agent باستخدام تقسيم الشبكة

5. تطبيق مبدأ أقل امتياز على حسابات الخدمة المستخدمة من قبل الوكلاء

قواعد الكشف:

1. مراقبة الأحرف غير المعتادة أو تسلسلات الهروب في معاملات format_message

2. التنبيه على قيم format_message التي تحتوي على علامات HTML/XML أو محتوى البرنامج النصي

3. تتبع محاولات تنسيق الرسائل الفاشلة والرسائل الخطأ اللاحقة

4. مراقبة الإخراج غير المتوقع في قنوات Slack/Mattermost من مصادر الوكيل

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.14.2.1 - Information security requirements for supplier relationships ECC 2024 A.5.1.1 - Policies for information security ECC 2024 A.12.6.1 - Management of technical vulnerabilities

🔵 SAMA CSF

ID.BE-1 - Business objectives and strategies PR.DS-1 - Data security management DE.CM-1 - Detection and analysis

🟡 ISO 27001:2022

A.12.6.1 - Management of technical vulnerabilities A.14.2.1 - Supplier security requirements A.5.1.1 - Information security policies

🟣 PCI DSS v4.0.1

Requirement 6.2 - Security patches and updates Requirement 6.5.1 - Injection flaws prevention

🔗 References & Sources 4

🔗

https://gist.github.com/YLChen-007/e90fb38ac03284176bae49898a3a46a4

cna@vuldb.com

🔗

https://vuldb.com/submit/812226

cna@vuldb.com

🔗

https://vuldb.com/vuln/365317

cna@vuldb.com

🔗

https://vuldb.com/vuln/365317/cti

cna@vuldb.com

📊 CVSS Score

6.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.5

CWECWE-74

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-05-24

Source Feed nvd

🇸🇦 Saudi Risk Score

6.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-74

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-9354

Introduce Yourself

Sign In Required