Hermes Agent < 0.16.0 - Sensitive File Permission Vulnerability in Store Files | Advisories

Advisories

Hermes Agent < 0.16.0 - Sensitive File Permission Vulnerability in Store Files

severity: medium
date: 6/17/2026
Affecting: Hermes Agent < 0.16.0
CVE: CVE-2026-53870
CWE: CWE-276 Incorrect Default Permissions
CVSS: 6.8
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References: Release Notes
Researcher Pull Request
Maintainer Pull Request
Patch Commit
Credit: Chia Min Jun Lennon
Description: Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including conversation history, tool payloads, prompts, and per-route HMAC secrets.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo