Vulnerability Description
Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in the workspace field and subsequently use relative paths in the session file API to access any file readable by the WebUI process.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/nesquena/hermes-webui/commit/f00cb74f776f22f02f5eb6b39dfb389f
- https://github.com/nesquena/hermes-webui/pull/2048
- https://github.com/nesquena/hermes-webui/releases/tag/v0.51.44
- https://www.vulncheck.com/advisories/hermes-webui-path-traversal-via-session-imp
- https://github.com/nesquena/hermes-webui/pull/2048
FAQ
What is CVE-2026-22677?
CVE-2026-22677 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted sess...
How severe is CVE-2026-22677?
CVE-2026-22677 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-22677?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.