Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-49957

CVE-2026-49957: Hermes WebUI Path Traversal Vulnerability

CVE-2026-49957 is a path traversal flaw in Hermes WebUI allowing authenticated attackers to bypass workspace boundaries and access system files. This post covers technical details, affected versions, and mitigation.

Published:

CVE-2026-49957 Overview

CVE-2026-49957 is a workspace boundary bypass vulnerability in Hermes WebUI versions prior to 0.51.296. The flaw resides in the SSH/remote terminal profile workspace resolution logic within the _remote_terminal_workspace_candidate() function. An authenticated attacker can configure a remote terminal working directory to a sensitive system path such as /etc, causing workspace resolution to accept it as a trusted local workspace root. The _is_blocked_workspace_path() guard never executes because of an early return, enabling read access to local system files through workspace file-read helpers. The issue is classified under CWE-22 (Path Traversal).

Critical Impact

Authenticated attackers can read arbitrary local system files by configuring a remote terminal working directory to bypass workspace path restrictions.

Affected Products

  • Hermes WebUI versions prior to 0.51.296
  • Deployments exposing the api/workspace.py remote terminal profile functionality
  • Instances allowing authenticated users to configure SSH/remote terminal profiles

Discovery Timeline

  • 2026-06-09 - CVE-2026-49957 published to NVD
  • 2026-06-10 - Last updated in NVD database

Technical Details for CVE-2026-49957

Vulnerability Analysis

The vulnerability stems from incorrect ordering of trust decisions in the workspace resolution pipeline. Hermes WebUI exposes a workspace abstraction that enforces path boundaries through _is_blocked_workspace_path(). This guard normally rejects attempts to access sensitive directories outside permitted workspace roots.

However, the SSH/remote terminal profile code path invokes _remote_terminal_workspace_candidate() before the blocked-path guard executes. The candidate function returns early when a remote terminal working directory is configured, treating that path as a trusted local workspace root. The blocked-path check is never reached for these candidates.

Authenticated attackers exploit this gap to read files from system directories using existing workspace file-read helpers. The impact is confined to confidentiality of files readable by the Hermes WebUI process.

Root Cause

The root cause is a control flow defect where path validation occurs after, rather than before, candidate path acceptance. The early return in _remote_terminal_workspace_candidate() short-circuits the security check, violating the principle that all candidate workspace roots must pass the blocked-path guard before being trusted.

Attack Vector

An authenticated user with permission to configure remote terminal profiles sets the working directory to a target system path such as /etc, /var/log, or /root. Subsequent workspace file-read requests resolve against the attacker-controlled root and return file contents that would otherwise be blocked. No special privilege escalation is required beyond the ability to create or modify a terminal profile.

No verified proof-of-concept code is publicly available. Refer to the VulnCheck Security Advisory and the GitHub Commit for technical specifics of the patch.

Detection Methods for CVE-2026-49957

Indicators of Compromise

  • Remote terminal profile configurations referencing system paths such as /etc, /root, /var, or /proc
  • Workspace file-read API requests returning content from outside expected project directories
  • Audit log entries showing profile modifications followed by file-read calls targeting sensitive paths
  • Hermes WebUI process accessing files unrelated to user project workspaces

Detection Strategies

  • Inspect persisted remote terminal profile records for working directories pointing at OS paths
  • Correlate authenticated user actions that create or update terminal profiles with subsequent workspace file-read calls
  • Alert when workspace resolution returns paths outside the configured project root hierarchy
  • Review web server access logs for sequential api/workspace.py requests originating from a single session

Monitoring Recommendations

  • Enable verbose application logging for the _remote_terminal_workspace_candidate() and _is_blocked_workspace_path() code paths
  • Forward Hermes WebUI logs to a centralized log analytics platform for path-traversal pattern matching
  • Track unique workspace root values per user and flag deviations from baseline
  • Monitor file system reads by the Hermes WebUI service process against an allowlist of expected directories

How to Mitigate CVE-2026-49957

Immediate Actions Required

  • Upgrade Hermes WebUI to version 0.51.296 or later immediately
  • Audit all existing remote terminal profile configurations for suspicious working directories
  • Revoke or restrict authenticated user permissions to create or modify terminal profiles where not required
  • Review application and access logs for prior exploitation indicators

Patch Information

The vulnerability is resolved in Hermes WebUI v0.51.296. The fix is documented in Pull Request #3731, Pull Request #3744, and the corresponding commit 91a89fb. The patch reorders the workspace resolution logic so the _is_blocked_workspace_path() guard executes before remote terminal candidates are accepted.

Workarounds

  • Restrict access to Hermes WebUI to trusted users until the patched version is deployed
  • Disable remote terminal profile creation for non-administrative accounts where supported
  • Run the Hermes WebUI process under a least-privilege service account to limit file read scope
  • Place the application behind authentication proxies enforcing additional access controls
bash
# Configuration example
# Upgrade Hermes WebUI to the patched release
pip install --upgrade hermes-webui==0.51.296

# Verify the installed version
hermes-webui --version

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.