CVE-2026-9366

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L                                    

Vulnerability Description

A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability Details

Published Date

May 24, 2026

Last Modified

May 24, 2026

CWE ID

CWE-74

Source

NVD

External References

https://gist.github.com/YLChen-007/581fd92de5548fbaacb2092e848a75cc
https://vuldb.com/submit/812227
https://vuldb.com/vuln/365329
https://vuldb.com/vuln/365329/cti

CVE-2026-9366

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment