CVE-2026-14626 (GCVE-0-2026-14626)

Vulnerability from cvelistv5 – Published: 2026-07-04 12:00 – Updated: 2026-07-07 02:29
VLAI
Title
NousResearch hermes-agent HTTP API run_agent.py AIAgent.run_conversation denial of service
Summary
A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/vuln/376142 vdb-entrytechnical-description
https://vuldb.com/vuln/376142/cti signaturepermissions-required
https://vuldb.com/cve/CVE-2026-14626 third-party-advisory
https://vuldb.com/submit/845596 third-party-advisory
https://gist.github.com/YLChen-007/b91a85f9448bea… exploit
Impacted products
Vendor Product Version
NousResearch hermes-agent Affected: 2026.4.0
Affected: 2026.4.1
Affected: 2026.4.2
Affected: 2026.4.3
Affected: 2026.4.4
Affected: 2026.4.5
Affected: 2026.4.6
Affected: 2026.4.7
Affected: 2026.4.8
Affected: 2026.4.9
Affected: 2026.4.10
Affected: 2026.4.11
Affected: 2026.4.12
Affected: 2026.4.13
Affected: 2026.4.14
Affected: 2026.4.15
Affected: 2026.4.16
Affected: 2026.4.17
Affected: 2026.4.18
Affected: 2026.4.19
Affected: 2026.4.20
Affected: 2026.4.21
Affected: 2026.4.22
Affected: 2026.4.23
Affected: 2026.4.24
Affected: 2026.4.25
Affected: 2026.4.26
Affected: 2026.4.27
Affected: 2026.4.28
Affected: 2026.4.29
Affected: 2026.4.30
    cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Eric-a (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-14626",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-07T02:29:16.781487Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-07T02:29:27.952Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "HTTP API"
          ],
          "product": "hermes-agent",
          "vendor": "NousResearch",
          "versions": [
            {
              "status": "affected",
              "version": "2026.4.0"
            },
            {
              "status": "affected",
              "version": "2026.4.1"
            },
            {
              "status": "affected",
              "version": "2026.4.2"
            },
            {
              "status": "affected",
              "version": "2026.4.3"
            },
            {
              "status": "affected",
              "version": "2026.4.4"
            },
            {
              "status": "affected",
              "version": "2026.4.5"
            },
            {
              "status": "affected",
              "version": "2026.4.6"
            },
            {
              "status": "affected",
              "version": "2026.4.7"
            },
            {
              "status": "affected",
              "version": "2026.4.8"
            },
            {
              "status": "affected",
              "version": "2026.4.9"
            },
            {
              "status": "affected",
              "version": "2026.4.10"
            },
            {
              "status": "affected",
              "version": "2026.4.11"
            },
            {
              "status": "affected",
              "version": "2026.4.12"
            },
            {
              "status": "affected",
              "version": "2026.4.13"
            },
            {
              "status": "affected",
              "version": "2026.4.14"
            },
            {
              "status": "affected",
              "version": "2026.4.15"
            },
            {
              "status": "affected",
              "version": "2026.4.16"
            },
            {
              "status": "affected",
              "version": "2026.4.17"
            },
            {
              "status": "affected",
              "version": "2026.4.18"
            },
            {
              "status": "affected",
              "version": "2026.4.19"
            },
            {
              "status": "affected",
              "version": "2026.4.20"
            },
            {
              "status": "affected",
              "version": "2026.4.21"
            },
            {
              "status": "affected",
              "version": "2026.4.22"
            },
            {
              "status": "affected",
              "version": "2026.4.23"
            },
            {
              "status": "affected",
              "version": "2026.4.24"
            },
            {
              "status": "affected",
              "version": "2026.4.25"
            },
            {
              "status": "affected",
              "version": "2026.4.26"
            },
            {
              "status": "affected",
              "version": "2026.4.27"
            },
            {
              "status": "affected",
              "version": "2026.4.28"
            },
            {
              "status": "affected",
              "version": "2026.4.29"
            },
            {
              "status": "affected",
              "version": "2026.4.30"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Eric-a (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-04T12:00:07.960Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-376142 | NousResearch hermes-agent HTTP API run_agent.py AIAgent.run_conversation denial of service",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/376142"
        },
        {
          "name": "VDB-376142 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/376142/cti"
        },
        {
          "name": "CVE-2026-14626 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-14626"
        },
        {
          "name": "Submit #845596 | NousResearch Hermes Agent \u003c= v2026.4.30 Insufficient Verification of Data Authenticity (CWE-345)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/845596"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/YLChen-007/b91a85f9448beadebe25d37a3f4fd760"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-03T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-03T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-03T19:13:02.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "NousResearch hermes-agent HTTP API run_agent.py AIAgent.run_conversation denial of service"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-14626",
    "datePublished": "2026-07-04T12:00:07.960Z",
    "dateReserved": "2026-07-03T17:07:48.069Z",
    "dateUpdated": "2026-07-07T02:29:27.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-14626",
      "date": "2026-07-08",
      "epss": "0.00277",
      "percentile": "0.19502"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-14626\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2026-07-04T12:16:53.903\",\"lastModified\":\"2026-07-07T04:17:23.623\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.\"}],\"affected\":[{\"source\":\"cna@vuldb.com\",\"affectedData\":[{\"vendor\":\"NousResearch\",\"product\":\"hermes-agent\",\"cpes\":[\"cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*\"],\"modules\":[\"HTTP API\"],\"versions\":[{\"version\":\"2026.4.0\",\"status\":\"affected\"},{\"version\":\"2026.4.1\",\"status\":\"affected\"},{\"version\":\"2026.4.2\",\"status\":\"affected\"},{\"version\":\"2026.4.3\",\"status\":\"affected\"},{\"version\":\"2026.4.4\",\"status\":\"affected\"},{\"version\":\"2026.4.5\",\"status\":\"affected\"},{\"version\":\"2026.4.6\",\"status\":\"affected\"},{\"version\":\"2026.4.7\",\"status\":\"affected\"},{\"version\":\"2026.4.8\",\"status\":\"affected\"},{\"version\":\"2026.4.9\",\"status\":\"affected\"},{\"version\":\"2026.4.10\",\"status\":\"affected\"},{\"version\":\"2026.4.11\",\"status\":\"affected\"},{\"version\":\"2026.4.12\",\"status\":\"affected\"},{\"version\":\"2026.4.13\",\"status\":\"affected\"},{\"version\":\"2026.4.14\",\"status\":\"affected\"},{\"version\":\"2026.4.15\",\"status\":\"affected\"},{\"version\":\"2026.4.16\",\"status\":\"affected\"},{\"version\":\"2026.4.17\",\"status\":\"affected\"},{\"version\":\"2026.4.18\",\"status\":\"affected\"},{\"version\":\"2026.4.19\",\"status\":\"affected\"},{\"version\":\"2026.4.20\",\"status\":\"affected\"},{\"version\":\"2026.4.21\",\"status\":\"affected\"},{\"version\":\"2026.4.22\",\"status\":\"affected\"},{\"version\":\"2026.4.23\",\"status\":\"affected\"},{\"version\":\"2026.4.24\",\"status\":\"affected\"},{\"version\":\"2026.4.25\",\"status\":\"affected\"},{\"version\":\"2026.4.26\",\"status\":\"affected\"},{\"version\":\"2026.4.27\",\"status\":\"affected\"},{\"version\":\"2026.4.28\",\"status\":\"affected\"},{\"version\":\"2026.4.29\",\"status\":\"affected\"},{\"version\":\"2026.4.30\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":2.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-07T02:29:16.781487Z\",\"id\":\"CVE-2026-14626\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-404\"}]}],\"references\":[{\"url\":\"https://gist.github.com/YLChen-007/b91a85f9448beadebe25d37a3f4fd760\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/cve/CVE-2026-14626\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/submit/845596\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/vuln/376142\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/vuln/376142/cti\",\"source\":\"cna@vuldb.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-14626\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-07T02:29:16.781487Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-07T02:29:23.245Z\"}}], \"cna\": {\"title\": \"NousResearch hermes-agent HTTP API run_agent.py AIAgent.run_conversation denial of service\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Eric-a (VulDB User)\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"VulDB CNA Team\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 4, \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*\"], \"vendor\": \"NousResearch\", \"modules\": [\"HTTP API\"], \"product\": \"hermes-agent\", \"versions\": [{\"status\": \"affected\", \"version\": \"2026.4.0\"}, {\"status\": \"affected\", \"version\": \"2026.4.1\"}, {\"status\": \"affected\", \"version\": \"2026.4.2\"}, {\"status\": \"affected\", \"version\": \"2026.4.3\"}, {\"status\": \"affected\", \"version\": \"2026.4.4\"}, {\"status\": \"affected\", \"version\": \"2026.4.5\"}, {\"status\": \"affected\", \"version\": \"2026.4.6\"}, {\"status\": \"affected\", \"version\": \"2026.4.7\"}, {\"status\": \"affected\", \"version\": \"2026.4.8\"}, {\"status\": \"affected\", \"version\": \"2026.4.9\"}, {\"status\": \"affected\", \"version\": \"2026.4.10\"}, {\"status\": \"affected\", \"version\": \"2026.4.11\"}, {\"status\": \"affected\", \"version\": \"2026.4.12\"}, {\"status\": \"affected\", \"version\": \"2026.4.13\"}, {\"status\": \"affected\", \"version\": \"2026.4.14\"}, {\"status\": \"affected\", \"version\": \"2026.4.15\"}, {\"status\": \"affected\", \"version\": \"2026.4.16\"}, {\"status\": \"affected\", \"version\": \"2026.4.17\"}, {\"status\": \"affected\", \"version\": \"2026.4.18\"}, {\"status\": \"affected\", \"version\": \"2026.4.19\"}, {\"status\": \"affected\", \"version\": \"2026.4.20\"}, {\"status\": \"affected\", \"version\": \"2026.4.21\"}, {\"status\": \"affected\", \"version\": \"2026.4.22\"}, {\"status\": \"affected\", \"version\": \"2026.4.23\"}, {\"status\": \"affected\", \"version\": \"2026.4.24\"}, {\"status\": \"affected\", \"version\": \"2026.4.25\"}, {\"status\": \"affected\", \"version\": \"2026.4.26\"}, {\"status\": \"affected\", \"version\": \"2026.4.27\"}, {\"status\": \"affected\", \"version\": \"2026.4.28\"}, {\"status\": \"affected\", \"version\": \"2026.4.29\"}, {\"status\": \"affected\", \"version\": \"2026.4.30\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-07-03T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2026-07-03T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2026-07-03T19:13:02.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/vuln/376142\", \"name\": \"VDB-376142 | NousResearch hermes-agent HTTP API run_agent.py AIAgent.run_conversation denial of service\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/vuln/376142/cti\", \"name\": \"VDB-376142 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/cve/CVE-2026-14626\", \"name\": \"CVE-2026-14626 | CVE Analysis and Report\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://vuldb.com/submit/845596\", \"name\": \"Submit #845596 | NousResearch Hermes Agent \u003c= v2026.4.30 Insufficient Verification of Data Authenticity (CWE-345)\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://gist.github.com/YLChen-007/b91a85f9448beadebe25d37a3f4fd760\", \"tags\": [\"exploit\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-404\", \"description\": \"Denial of Service\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2026-07-04T12:00:07.960Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-14626\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-07T02:29:27.952Z\", \"dateReserved\": \"2026-07-03T17:07:48.069Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2026-07-04T12:00:07.960Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…