CVE-2026-9369 Overview
CVE-2026-9369 is an incorrect comparison vulnerability in NousResearch hermes-agent version 2026.4.23. The flaw is in the _discover_dashboard_plugins function in hermes_cli/web_server.py, part of the CLI web-dashboard interface. An attacker with local access can manipulate the HERMES_ENABLE_PROJECT_PLUGINS environment variable to trigger the faulty comparison logic. An exploit has been publicly released. The vendor was contacted prior to disclosure but did not respond. The weakness is classified as CWE-697: Incorrect Comparison.
Critical Impact
Local attackers can influence plugin discovery in the hermes-agent dashboard by abusing the incorrect comparison logic, with a limited impact on confidentiality, integrity, and availability.
Affected Products
- NousResearch hermes-agent 2026.4.23
- Component: hermes_cli/web_server.py
- Function: _discover_dashboard_plugins
Discovery Timeline
- 2026-05-24 - CVE-2026-9369 published to NVD
- 2026-05-26 - Last updated in NVD database
Technical Details for CVE-2026-9369
Vulnerability Analysis
The vulnerability exists in the plugin discovery routine of the hermes-agent CLI web dashboard. The _discover_dashboard_plugins function evaluates the HERMES_ENABLE_PROJECT_PLUGINS environment variable using an incorrect comparison pattern. This logic flaw allows an attacker to influence whether project plugins are loaded during dashboard initialization. Because the comparison does not enforce strict equality or proper type checking, supplied values can bypass the intended gating mechanism. The exploit code has been disclosed publicly through a GitHub gist.
Root Cause
The root cause is classified as CWE-697: Incorrect Comparison. The plugin gating logic relies on a comparison that does not robustly validate the value of HERMES_ENABLE_PROJECT_PLUGINS. As a result, values that should not enable plugin loading may still satisfy the comparison, or vice versa, leading to unexpected plugin discovery behavior in the web server module.
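The advisory does not reproduce the affected code, so the following is an added, hypothetical illustration of the CWE-697 pattern it describes rather than hermes-agent's own implementation: two loosely written boolean gates on an environment variable (one relying on string truthiness, one on an inequality with a fail-open default) beside a strict allowlist gate that fails closed. Only the variable name is taken from the advisory; the function names and the allowlists are assumptions.

```python
"""Illustration of CWE-697 (incorrect comparison) on a boolean
environment-variable gate. Added educational example: this is NOT the
hermes-agent code. The variable name comes from the advisory; the
functions and allowlists below are hypothetical."""
from typing import Optional

TRUTHY = frozenset({"1", "true", "yes", "on"})
FALSY = frozenset({"0", "false", "no", "off", ""})
VAR = "HERMES_ENABLE_PROJECT_PLUGINS"


def plugins_enabled_truthy(env: dict) -> bool:
    """Weak gate (hypothetical bug): Python truthiness means any non-empty
    string, including "0", "false" or "no", enables plugin loading."""
    return bool(env.get(VAR))


def plugins_enabled_unset_open(env: dict) -> bool:
    """Weak gate (hypothetical bug): an inequality against one magic
    string. An unset variable (None) also satisfies `!= "0"`, so the
    default is fail-open and "false" still enables plugins."""
    return env.get(VAR) != "0"


def plugins_enabled_strict(env: dict) -> bool:
    """Hardened gate: normalize, compare against an explicit allowlist,
    default to disabled when unset, and reject unknown values instead of
    guessing (fail closed)."""
    raw: Optional[str] = env.get(VAR)
    if raw is None:
        return False
    value = raw.strip().lower()
    if value in TRUTHY:
        return True
    if value in FALSY:
        return False
    raise ValueError(f"unrecognized {VAR} value: {raw!r}")


def compare_gates(values) -> list:
    """Return (value, truthy_gate, unset_open_gate, strict_gate) per sample
    so the divergence between the gates is visible. None means unset."""
    rows = []
    for v in values:
        env = {} if v is None else {VAR: v}
        try:
            strict = plugins_enabled_strict(env)
        except ValueError:
            strict = "rejected"
        rows.append((v, plugins_enabled_truthy(env),
                     plugins_enabled_unset_open(env), strict))
    return rows


if __name__ == "__main__":
    for row in compare_gates([None, "", "1", "true", "0", "false", "no", "maybe"]):
        print(row)
```

The useful property of the strict variant for detection and review is that every accepted value is enumerable: a code reviewer can read the allowlist, and an operator can grep deployment scripts for values outside it.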
Attack Vector
The attack requires local access to the system running hermes-agent. An authenticated local user manipulates the HERMES_ENABLE_PROJECT_PLUGINS environment variable before or during invocation of the CLI dashboard. The manipulated value reaches _discover_dashboard_plugins, where the flawed comparison alters the plugin discovery flow. Refer to the GitHub PoC Repository and the VulDB Vulnerability #365332 entry for technical references. No verified code examples are reproduced here.
Detection Methods for CVE-2026-9369
Indicators of Compromise
- Unexpected modifications to the HERMES_ENABLE_PROJECT_PLUGINS environment variable on hosts running hermes-agent.
- Dashboard logs showing plugin discovery activity in hermes_cli/web_server.py that does not match operator intent.
- Local user sessions invoking the hermes-agent CLI dashboard outside standard administrative workflows.
Detection Strategies
- Monitor process command lines and environment variables for references to HERMES_ENABLE_PROJECT_PLUGINS on systems running hermes-agent 2026.4.23.
- Audit invocations of the hermes-agent CLI dashboard and correlate against the local user account performing the action.
- Track file access patterns on hermes_cli/web_server.py and any plugin directories referenced during dashboard startup.
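One way to implement the first detection strategy on Linux, as an added example that is not part of the advisory or the hermes-agent project: read each process's /proc/<pid>/environ, parse its NUL-separated KEY=VALUE layout, and report any process carrying HERMES_ENABLE_PROJECT_PLUGINS, marking values outside an operator-defined allowlist. The EXPECTED_VALUES allowlist, the process names and the environ blobs are constructed for this example.

```python
"""Added detection example: flag processes whose environment references
HERMES_ENABLE_PROJECT_PLUGINS. scan_proc() reads /proc on Linux; the
SAMPLE_PROCESSES below are constructed so the logic runs offline."""
from pathlib import Path
from typing import Optional

WATCHED_VAR = "HERMES_ENABLE_PROJECT_PLUGINS"
# Values an operator would set on purpose (hypothetical allowlist; tune it
# to the deployment). Anything else is reported as unexpected.
EXPECTED_VALUES = frozenset({"0", "1"})


def parse_environ(blob: bytes) -> dict:
    """Parse the NUL-separated KEY=VALUE layout of /proc/<pid>/environ.
    Entries without '=' are skipped; values may themselves contain '='."""
    env = {}
    for entry in blob.split(b"\0"):
        if not entry:
            continue
        key, sep, value = entry.partition(b"=")
        if sep:
            env[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def assess(pid: int, comm: str, env: dict) -> Optional[dict]:
    """Return a finding if the watched variable is present, else None."""
    if WATCHED_VAR not in env:
        return None
    value = env[WATCHED_VAR]
    return {
        "pid": pid,
        "comm": comm,
        "value": value,
        "unexpected_value": value.strip().lower() not in EXPECTED_VALUES,
    }


def scan_proc(proc_root: str = "/proc") -> list:
    """Live scan (Linux only). Reading another user's environ needs
    matching privileges, so unreadable processes are skipped, not errors."""
    findings = []
    for p in Path(proc_root).iterdir():
        if not p.name.isdigit():
            continue
        try:
            blob = (p / "environ").read_bytes()
            comm = (p / "comm").read_text().strip()
        except (PermissionError, FileNotFoundError, ProcessLookupError):
            continue
        finding = assess(int(p.name), comm, parse_environ(blob))
        if finding:
            findings.append(finding)
    return findings


# Constructed samples: a clean shell, a hermes process with a
# non-canonical value, and a hermes process with an expected value.
SAMPLE_PROCESSES = [
    (4101, "bash", b"HOME=/home/alice\0PATH=/usr/bin\0"),
    (4188, "hermes", b"HOME=/home/alice\0HERMES_ENABLE_PROJECT_PLUGINS=yes please\0"),
    (4200, "hermes", b"HERMES_ENABLE_PROJECT_PLUGINS=0\0"),
]


def scan_samples(samples=SAMPLE_PROCESSES) -> list:
    """Run assess() over the constructed samples (offline path)."""
    findings = []
    for pid, comm, blob in samples:
        finding = assess(pid, comm, parse_environ(blob))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_samples():
        print(f)
```

Run it as root (or with CAP_SYS_PTRACE) from a cron job or an EDR script hook and forward the findings to the SIEM; because environ reflects the environment at exec time, a process that set the variable after start will not appear here, which is why the page also recommends auditing shell profiles and deployment scripts.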
Monitoring Recommendations
- Centralize hermes-agent process and environment telemetry into a SIEM for retrospective analysis.
- Establish a baseline of expected dashboard plugin load events and alert on deviations.
- Restrict and log local interactive sessions on hosts running hermes-agent to identify abuse of low-privilege accounts.
How to Mitigate CVE-2026-9369
Immediate Actions Required
- Inventory all systems running NousResearch hermes-agent 2026.4.23 and restrict local access to trusted users only.
- Remove or tightly control the HERMES_ENABLE_PROJECT_PLUGINS environment variable in deployment scripts and shell profiles.
- Disable the CLI web-dashboard interface on systems where it is not required.
Patch Information
No vendor patch has been published. The vendor was contacted prior to disclosure but did not respond. Monitor the VulDB Vulnerability #365332 record and the NousResearch hermes-agent project for updated releases addressing the incorrect comparison in _discover_dashboard_plugins.
Workarounds
- Run hermes-agent under a dedicated low-privilege account isolated from other workloads.
- Block local users from setting or overriding the HERMES_ENABLE_PROJECT_PLUGINS environment variable through filesystem and shell configuration controls.
- Avoid enabling the CLI web-dashboard on multi-user systems until a fixed release is available.
```sh
# Configuration example: explicitly unset the affected variable.
# This only affects the current shell; also remove it from profiles
# (/etc/profile.d, ~/.bashrc and similar) and deployment scripts.
unset HERMES_ENABLE_PROJECT_PLUGINS
# Restrict execution of the hermes CLI dashboard to an administrative group
# (owner root, group hermes-admins, no access for other users).
chown root:hermes-admins /usr/local/bin/hermes
chmod 750 /usr/local/bin/hermes
```
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.