GHSA-34j3-4jpj-gx6qHighCVSS 6.5
Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export...
🔗 CVE IDs covered (1)
📋 Description
Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The _handle_session_export handler in api/routes.py fails to verify active-profile ownership before serializing session data, enabling attackers to exfiltrate foreign session transcripts by guessing or knowing session identifiers.
🔗 References (7)
- https://nvd.nist.gov/vuln/detail/CVE-2026-55198
- https://github.com/nesquena/hermes-webui/pull/3991
- https://github.com/nesquena/hermes-webui/pull/4269
- https://github.com/nesquena/hermes-webui/commit/2a3baa71b81ca92da8ece8616a09f15894beec71
- https://github.com/nesquena/hermes-webui/releases/tag/v0.51.443
- https://www.vulncheck.com/advisories/hermes-webui-cross-profile-session-data-exfiltration-via-session-export-endpoint
- https://github.com/advisories/GHSA-34j3-4jpj-gx6q