MEDIUM 5.3

CVE-2026-10224: NousResearch hermes-agent Webhook Resource Exhaustion Vulnerability

A vulnerability in NousResearch's hermes-agent allows an attacker to consume resources on a server by sending specially crafted requests to a webhook endpoint. The vulnerability affects versions up to 2026.4.30 and can be triggered remotely without authentication. While the technical complexity is low, the impact is limited to availability rather than data breach or system compromise. Public exploit information exists, though NousResearch has not responded to early vendor disclosure attempts.

Source data · NVD / CISA · public domain

CVSS
3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Weaknesses (CWE)
CWE-400, CWE-404
Affected products
0 configuration(s)
Published / Modified
2026-06-01 / 2026-06-17

NVD description (verbatim)

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

5 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-10224 is a resource exhaustion flaw in the _handle_webhook_request function within gateway/platforms/feishu.py of hermes-agent. The vulnerability stems from improper handling of webhook requests, allowing unauthenticated remote attackers to trigger uncontrolled resource consumption. The attack requires no special privileges or user interaction. The underlying weaknesses are classified as CWE-400 (Uncontrolled Resource Consumption) and CWE-404 (Improper Resource Validation), indicating insufficient bounds checking or resource limits on incoming webhook payloads.

Business impact

This vulnerability poses a denial-of-service risk to deployments of hermes-agent, particularly those exposing webhook endpoints to untrusted networks. An attacker could degrade service availability by exhausting CPU, memory, or connection pools without gaining unauthorized access to data or system control. Organizations relying on hermes-agent for critical integrations face potential operational disruption. The severity is moderate because availability impact is limited compared to confidentiality or integrity breaches, but recovery requires manual intervention and potential service restarts.

Affected systems

NousResearch hermes-agent versions up to and including 2026.4.30 are vulnerable. Any deployment exposing the Feishu webhook endpoint (gateway/platforms/feishu.py) to external or untrusted networks is at risk. Organizations using hermes-agent for team collaboration platforms or third-party integrations should prioritize assessment.

Exploitability

The attack is straightforward to execute: an unauthenticated attacker can send requests to the webhook endpoint remotely without authentication, privileges, or user interaction. Public exploit information has been disclosed, meaning attack tooling or proof-of-concept code may be available or in active development. The low attack complexity and network-based attack vector increase the practical likelihood of exploitation. However, the availability impact is limited rather than severe, which tempers overall risk.

Remediation

Update hermes-agent to a patched version released after 2026.4.30. Verify the specific patched version against NousResearch's official advisory since the vendor did not formally respond to early disclosure. In the interim, implement network-level controls to restrict webhook endpoint access to trusted sources only, or disable the Feishu webhook integration if not actively used. Monitor resource utilization on affected systems for signs of exploitation.

Patch guidance

Upgrade hermes-agent beyond version 2026.4.30 immediately. Consult NousResearch's official advisory or release notes to confirm the minimum patched version. If no official patch has been released despite the June 2026 publication date, contact NousResearch directly or consider alternative agents. After patching, verify the fix is active by reviewing logs and testing webhook behavior under load.

Detection guidance

Monitor webhook endpoints for unusual request patterns: high-frequency requests, oversized payloads, or repeated requests from single sources. Enable logging on the _handle_webhook_request function and alert on resource spikes correlated with webhook activity. Implement rate limiting on webhook endpoints to restrict request frequency per source IP or time window. Review application logs for errors or warnings related to resource exhaustion on the Feishu platform integration.

Why prioritize this

While this vulnerability carries a moderate CVSS score (5.3), it merits prompt attention because: (1) exploit code is publicly available, lowering the barrier to attack; (2) the attack is network-accessible with no authentication required; (3) the vendor's non-responsiveness suggests patching may be delayed or absent; (4) resource exhaustion can cascade in shared infrastructure. Organizations should patch or mitigate within 2–4 weeks to prevent opportunistic exploitation.

Risk score, explained

The CVSS 3.1 score of 5.3 (MEDIUM) reflects a remote, unauthenticated attack with low complexity but limited impact scope. The attack vector is network-based and requires no user interaction or elevated privileges, yielding a higher base score. However, the absence of confidentiality or integrity impact caps the severity at MEDIUM. The score does not account for publicly disclosed exploits or vendor non-responsiveness, which elevate practical risk in real-world scenarios. Organizations should treat this as a higher priority than the score alone suggests.

Frequently asked questions

Why should we prioritize this if it's only 'MEDIUM' severity?

Public exploit availability and unauthenticated remote exploitability make this a practical risk despite moderate CVSS scoring. A motivated attacker can disrupt service availability with minimal effort. Vendor non-responsiveness also suggests fixes may be slow to arrive, widening the exposure window.

Can this vulnerability lead to data theft or system compromise?

No. The vulnerability is limited to resource exhaustion and denial of service. It does not grant unauthorized access to data or allow execution of arbitrary code. The impact is operational availability, not security breach.

If we disable the Feishu webhook, are we protected?

Yes. Disabling or removing the Feishu platform integration from hermes-agent eliminates the attack surface if you do not use that feature. However, if Feishu integration is required, you must patch or implement network access controls.

What should we do if NousResearch doesn't release a patch?

Implement compensating controls: network segmentation to restrict webhook endpoint access, rate limiting to throttle requests, and robust monitoring for resource anomalies. Escalate to NousResearch through official support channels and consider forking or switching to a maintained alternative if the vendor remains unresponsive.

This analysis is provided for informational purposes and reflects publicly disclosed information as of the publication and modification dates stated. Verify all patch versions, vendor advisories, and technical details against official NousResearch documentation and advisories. No warranty is made regarding the accuracy or completeness of this information. Security teams should conduct independent testing and validation before implementing any remediation or detection measures. The absence of an official vendor response does not imply the existence or non-existence of a patch; contact the vendor directly for current status. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).