CVE-2026-11461
Published: Sun, 07 Jun 2026 22:16
Summary
A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. It affects the function resolve_session_by_title in the file hermes_state.py of the resume Endpoint component. Manipulating the Title argument leads to an authorization bypass.
Details
A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. It affects the function resolve_session_by_title in the file hermes_state.py of the resume Endpoint component. Manipulating the Title argument leads to an authorization bypass. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
- https://gist.github.com/YLChen-007/7951b3dc39193fb675914cc5d8b672fa
- https://gist.github.com/YLChen-007/c2d162e9c8d39584223683cdcba98607
- https://vuldb.com/cve/CVE-2026-11461
- https://vuldb.com/submit/829402
- https://vuldb.com/vuln/369081
- https://vuldb.com/vuln/369081/cti