Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-49956

CVE-2026-49956: Hermes WebUI Auth Bypass Vulnerability

CVE-2026-49956 is an authentication bypass flaw in Hermes WebUI before 0.51.269 that enables authenticated users to access data from other profiles. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2026-49956 Overview

CVE-2026-49956 is a profile isolation bypass vulnerability in Hermes WebUI versions before 0.51.269. The flaw resides in the session search endpoint, which fails to filter results by the requesting user's active profile. Authenticated users can query the sessions search handler and retrieve session titles and transcript message content belonging to other profiles. The weakness is classified as Missing Authorization [CWE-862] and stems from an authorization check omitted on a server-side data retrieval path.

Critical Impact

Authenticated low-privilege users can read session titles and full transcript message contents from profiles other than their own, breaking tenant separation within a single Hermes WebUI deployment.

Affected Products

  • Hermes WebUI versions prior to 0.51.269
  • The api/routes.py sessions search handler component
  • Deployments relying on profile-based isolation for multi-user access

Discovery Timeline

  • 2026-06-09 - CVE-2026-49956 published to NVD
  • 2026-06-09 - Last updated in NVD database
  • v0.51.269 - Fix released via GitHub Release v0.51.269

Technical Details for CVE-2026-49956

Vulnerability Analysis

The vulnerability sits in the session search route defined in api/routes.py. The handler accepts a query string parameter q and an optional content flag, then returns matching sessions from the global session store. Before version 0.51.269, the handler did not retrieve the caller's active profile or restrict results to sessions owned by that profile. Any authenticated user could therefore enumerate transcripts across all profiles by issuing a search request. Because the endpoint returns session titles and transcript message bodies, the exposed data includes the full content of conversations recorded under other profiles.

Root Cause

The root cause is a missing authorization check on the search path. The code retrieved all_sessions() and applied only a text match against the query string. The active profile identifier was never read from the session context, and no filter was applied to drop sessions whose profile field did not match the caller. This is a classic Missing Authorization defect [CWE-862] where a data-access function trusts that upstream routing handles tenant separation.

Attack Vector

The attack requires only network access to the Hermes WebUI and a valid authenticated session with low privileges. An attacker sends a GET request to the sessions search endpoint with a chosen query term and parses the JSON response. Because the response includes transcript content when content=1, targeted keyword searches can extract specific sensitive data from other profiles without ever switching the active profile.

python
     qs = parse_qs(parsed.query)
     q = qs.get("q", [""])[0].lower().strip()
     content_search = qs.get("content", ["1"])[0] == "1"
+    from api.profiles import get_active_profile_name
+    active_profile = get_active_profile_name()
+    all_profiles = _all_profiles_query_flag(parsed)
+    sessions = all_sessions()
+    if not all_profiles:
+        sessions = [
+            s for s in sessions
+            if _profiles_match(s.get("profile"), active_profile)
+        ]

Source: GitHub Commit 2c7b530. The patch resolves the issue by reading the active profile via get_active_profile_name() and filtering all_sessions() with _profiles_match() before applying the search query.

Detection Methods for CVE-2026-49956

Indicators of Compromise

  • Authenticated HTTP requests to the sessions search endpoint containing the q parameter and content=1 from accounts that do not typically use search features.
  • Search queries followed by no corresponding session-open events for the returned IDs, suggesting reconnaissance rather than legitimate use.
  • Unexpected presence of the all_profiles query flag in request URLs prior to upgrading to 0.51.269.

Detection Strategies

  • Review Hermes WebUI access logs for sessions search requests issued by user agents that have a single active profile but receive results spanning multiple profile values.
  • Correlate authenticated session identifiers against the profile field of returned session records to identify cross-profile reads.
  • Hunt for high-volume or scripted GET traffic against the search route, especially with broad or single-character q values.

Monitoring Recommendations

  • Enable verbose request logging on the Hermes WebUI reverse proxy and forward logs to a central analytics platform.
  • Alert on any 200-response search queries where the response body references profiles outside the requesting user's assignment.
  • Track deployment versions of Hermes WebUI and flag any instance reporting a version below 0.51.269.

How to Mitigate CVE-2026-49956

Immediate Actions Required

  • Upgrade Hermes WebUI to version 0.51.269 or later using the official release artifacts.
  • Rotate or invalidate active user sessions after upgrading to force re-authentication.
  • Audit transcripts and session metadata for evidence of unauthorized cross-profile access prior to the patch.

Patch Information

The fix is delivered in Hermes WebUI 0.51.269. The patch in api/routes.py introduces an active-profile lookup and filters the session list before the search query is applied. References: GitHub Commit 2c7b530, Pull Request #3646, Pull Request #3672, and the VulnCheck Advisory.

Workarounds

  • Restrict network access to the Hermes WebUI to trusted operators until the upgrade is applied.
  • Block requests to the sessions search endpoint at the reverse proxy for non-administrative accounts.
  • Operate single-profile deployments only, so cross-profile data exposure cannot occur, until patching is possible.
bash
# Example nginx rule to block the sessions search endpoint until patched
location ~* ^/api/sessions/search {
    return 403;
}

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.