CVE-2026-22677

EUVD-2026-30109
Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in the workspace field and subsequently use relative paths in the session file API to access any file readable by the WebUI process.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/nesquena/hermes-webui/commit/f00cb74f776f22f02f5eb6b39dfb389f87cc7fd3
https://github.com/nesquena/hermes-webui/pull/2048
https://github.com/nesquena/hermes-webui/releases/tag/v0.51.44
https://www.vulncheck.com/advisories/hermes-webui-path-traversal-via-session-import-endpoint