Vulnerability Description
nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update, /api/chat/start, and /api/workspaces/add. Attackers can repoint a session workspace to a directory outside the intended trusted root and then use ordinary file read and write APIs to access or modify files outside the intended workspace boundary within the permissions of the hermes-webui process.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/nesquena/hermes-webui/commit/2a7a5ddfaf39e3b0094b7ac37e9f1dbc
- https://github.com/nesquena/hermes-webui/pull/416
- https://github.com/nesquena/hermes-webui/releases/tag/v0.50.34
- https://www.vulncheck.com/advisories/nesquena-hermes-webui-arbitrary-workspace-d
FAQ
What is CVE-2026-6829?
CVE-2026-6829 is a vulnerability with a CVSS score of 6.3 (MEDIUM). nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulatin...
How severe is CVE-2026-6829?
CVE-2026-6829 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-6829?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.