Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-55197

CVE-2026-55197: Hermes WebUI Information Disclosure Flaw

CVE-2026-55197 is an information disclosure vulnerability in Hermes WebUI that allows authenticated users to access cross-profile session transcripts. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2026-55197 Overview

CVE-2026-55197 is a broken access control vulnerability in Hermes WebUI versions prior to 0.51.443. The flaw resides in the /api/session endpoint, which fails to enforce profile boundary checks when authenticated users request session data. An attacker with valid credentials can query session identifiers belonging to other profiles and retrieve unauthorized conversation transcripts and metadata. The vulnerability is classified under CWE-639: Authorization Bypass Through User-Controlled Key.

Critical Impact

Authenticated attackers can disclose cross-profile session transcripts and metadata by directly referencing foreign session identifiers, breaking the confidentiality boundary between user profiles.

Affected Products

  • Hermes WebUI versions prior to 0.51.443
  • The /api/session endpoint with session_id query parameter
  • Session export functionality that lacked active-profile scoping

Discovery Timeline

  • 2026-06-17 - CVE-2026-55197 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2026-55197

Vulnerability Analysis

The vulnerability is a textbook Insecure Direct Object Reference (IDOR). Hermes WebUI exposes a session lookup route at GET /api/session?session_id=<id>&messages=1. The handler validates that the requester is authenticated but does not verify that the requested session_id belongs to the caller's active profile. As a result, any authenticated user can enumerate or guess session IDs owned by other profiles and read their full chat transcripts. The data exposed includes conversation messages and session metadata, producing a high-confidentiality impact while leaving integrity and availability unaffected.

Root Cause

The /api/session handler in api/routes.py performs session-by-ID reads and exports without scoping the query to the active profile. The visibility model defined in api.profiles (including _profiles_match and get_active_profile_name) was not consistently applied across by-ID read paths. This allowed user-supplied identifiers to bypass profile isolation logic.

Attack Vector

Exploitation requires only network access and low-privileged authenticated credentials, with no user interaction. An attacker logged in to a Hermes WebUI instance issues a request such as GET /api/session?session_id=<foreign_id>&messages=1 substituting another profile's session identifier. The server responds with the transcript and metadata belonging to that foreign session.

python
# Source: https://github.com/nesquena/hermes-webui/commit/2a3baa71b81ca92da8ece8616a09f15894beec71
# Security patch in api/routes.py - v0.51.443
# [security] scope session by-id reads + exports to active profile

 # (mcp_server.py) can import it without duplicating the visibility model.
 # Re-exported here so existing `_profiles_match(...)` call sites in this
 # module keep resolving without per-call-site refactors.
-from api.profiles import _profiles_match  # noqa: F401, E402  (re-export)
+from api.profiles import (  # noqa: F401, E402  (re-export)
+    _profiles_match,
+    get_active_profile_name,
+    get_active_profile_name as _get_active_profile_name,
+)


def _all_profiles_query_flag(parsed_url) -> bool:

The patch re-exports get_active_profile_name so that by-ID reads and exports can be scoped to the active profile, closing the cross-profile disclosure path.

Detection Methods for CVE-2026-55197

Indicators of Compromise

  • Requests to /api/session containing session_id values that do not belong to the authenticated user's profile.
  • Repeated GET /api/session?session_id=<id>&messages=1 requests with sequentially varying or enumerated identifiers.
  • Application logs showing successful session reads from accounts that did not create the referenced sessions.
  • Spikes in /api/session traffic from a single authenticated session correlated with access to many distinct session_id values.

Detection Strategies

  • Correlate authenticated user identity against the owning profile of each accessed session_id in application logs.
  • Alert on enumeration patterns where a single account requests a high volume of distinct session identifiers within a short window.
  • Inspect web server and reverse proxy logs for requests to /api/session carrying the messages=1 flag combined with unusual identifier diversity.

Monitoring Recommendations

  • Forward Hermes WebUI access and application logs to a central SIEM and apply rules that flag cross-profile session reads.
  • Baseline normal per-user request volumes against the /api/session endpoint and alert on deviations.
  • Audit historical logs after upgrade to identify any prior unauthorized access to foreign session transcripts.

How to Mitigate CVE-2026-55197

Immediate Actions Required

  • Upgrade Hermes WebUI to version 0.51.443 or later, which scopes session by-ID reads and exports to the active profile.
  • Rotate or invalidate sensitive session contents that may have been exposed prior to patching.
  • Review authentication logs to identify accounts that performed cross-profile session lookups.

Patch Information

The fix is delivered in Hermes WebUI Release v0.51.443 via commit 2a3baa7. Supporting changes are tracked in Pull Request #3982 and Pull Request #4269. The VulnCheck Advisory on Hermes WebUI provides additional context.

Workarounds

  • Restrict network access to the Hermes WebUI instance to trusted administrators until the patch is applied.
  • Place the /api/session endpoint behind a reverse proxy rule that rejects requests where the session_id parameter is not owned by the authenticated profile.
  • Temporarily disable session export and shared-session features if they are not required.
bash
# Example: verify installed Hermes WebUI version and upgrade
git -C /opt/hermes-webui describe --tags
git -C /opt/hermes-webui fetch --tags
git -C /opt/hermes-webui checkout v0.51.443
# Restart the service after upgrade
systemctl restart hermes-webui

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.