CVE-2026-11322: Hermes WebUI Path Traversal Vulnerability – Credential Exposure Risk
Hermes WebUI versions before 0.51.221 have a path traversal flaw that lets authenticated users read files outside the intended workspace directory. By crafting symlinks that point to sensitive data, attackers can access SSH keys, cloud credentials, and application tokens that the server process can reach. The vulnerability requires an existing user account but poses a meaningful risk to credential and secret exposure.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Weaknesses (CWE)
- CWE-59
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-04 / 2026-06-17
NVD description (verbatim)
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve symlink targets without enforcing that the final path remains within the workspace, to read external host files accessible to the server process and disclose sensitive data such as SSH keys, cloud credentials, or application tokens.
4 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
This path traversal vulnerability (CWE-59) exists in Hermes WebUI's file and directory listing APIs, which resolve symbolic links without validating that the resolved target remains within the configured workspace root boundary. An authenticated attacker can supply specially crafted symlinks to the workspace APIs and successfully traverse to parent directories and arbitrary filesystem locations accessible to the server process. The lack of canonicalization or bounds checking on symlink resolution allows disclosure of sensitive files outside the workspace namespace.
Business impact
If exploited, an attacker with legitimate workspace access could exfiltrate high-value secrets stored on the same server, including SSH private keys for infrastructure access, cloud provider credentials, and application tokens. This creates a lateral movement pathway and credential compromise risk that directly undermines identity and access control boundaries. Organizations relying on Hermes WebUI for file management should assume that workspace isolation is not trustworthy in affected versions.
Affected systems
Hermes WebUI prior to version 0.51.221 is vulnerable. The vendor has not provided an exhaustive product list in public disclosures; verify your Hermes WebUI deployment version and cross-reference against vendor advisories to confirm exposure.
Exploitability
Exploitation requires an authenticated user account with workspace access—this is not an unauthenticated vulnerability. However, the attack surface is relatively broad: any user able to create or modify files within a workspace can craft symlinks, and the barrier to weaponization is low. Once crafted, symlink-based attacks are straightforward to execute and reliably expose sensitive data. Network accessibility is required, but no unusual conditions or user interaction are necessary. The CVSS 3.1 score of 6.5 (Medium) reflects the authentication requirement, high confidentiality impact, and network-based delivery.
Remediation
Upgrade Hermes WebUI to version 0.51.221 or later. This version enforces proper path validation to ensure symlink targets remain within workspace boundaries. If immediate patching is not feasible, restrict workspace access to trusted users only and monitor for suspicious file access patterns within workspaces.
Patch guidance
Apply Hermes WebUI version 0.51.221 or a later stable release. Verify the applied version via the WebUI version endpoint or administrative console. Test the upgrade in a non-production environment first to ensure compatibility with your workspace configurations. Refer to the vendor's release notes for any breaking changes or migration guidance.
Detection guidance
Monitor Hermes WebUI access logs for repeated or systematic requests to workspace file listing and retrieval APIs, especially patterns involving symlink creation or access to files with path components like '..' or absolute paths. Watch for API calls that succeed in returning file contents from unexpected filesystem locations. File integrity monitoring on sensitive system files (SSH keys, credential stores, cloud config files) can alert to unauthorized read access. Network-based detection of symlink payloads in API requests may be possible if your monitoring tools can inspect request bodies.
Why prioritize this
This vulnerability merits prompt patching because it directly threatens credential confidentiality for any organization storing secrets accessible to the Hermes WebUI process. The requirement for authentication reduces urgency compared to unauthenticated path traversal, but the high-value nature of typical targets (SSH keys, cloud credentials) and the low exploitation complexity make it a priority ahead of vulnerabilities with lower confidentiality impact. Organizations handling sensitive deployments should patch within 30 days.
Risk score, explained
The CVSS 3.1 score of 6.5 (Medium) balances the high confidentiality impact (H) against the authentication requirement (PR:L). The vulnerability does not affect integrity or availability, limiting the severity ceiling. However, the authenticated-user requirement should not be underestimated: insider threats, compromised accounts, or overly permissive workspace sharing can quickly turn this into an active attack vector. The practical risk is often higher than the CVSS score suggests in environments with relaxed user access controls.
Frequently asked questions
Can an unauthenticated attacker exploit this vulnerability?
No. The vulnerability requires a valid Hermes WebUI user account with workspace access. Attackers must authenticate first, which limits the attack surface to insider threats and compromised accounts.
What types of files are at risk?
Any file readable by the Hermes WebUI server process is at risk, including SSH private keys, database credentials, API tokens, cloud provider configuration files, and application secrets. The scope depends on the filesystem permissions of the server process and the sensitive data co-located on the same system.
Does the symlink need to exist before the attack, or can an attacker create it?
An attacker with workspace file creation privileges can craft symlinks as part of the exploit. If workspace permissions allow file uploads or creation, the attacker does not need pre-existing symlinks.
Is there a workaround if we cannot patch immediately?
Restrict Hermes WebUI workspace access to a minimal set of trusted users, isolate the server to a restricted network segment, and disable file upload functionality if it is not essential. Additionally, apply OS-level restrictions (SELinux, AppArmor) to limit the server process's filesystem access. These measures reduce risk but do not eliminate it; patching is the definitive remediation.
This analysis is provided for informational purposes and reflects publicly available vulnerability data as of the publication date. Vendor advisories and patch availability may change; always verify against the official Hermes WebUI release notes and security bulletins before deploying patches. The risk score and exploitability assessment assume standard deployment configurations; your environment may present higher or lower risk depending on access controls, network isolation, and the sensitivity of co-located data. No exploit code or weaponized proof-of-concept is provided in this analysis. SEC.co makes no warranty regarding the completeness or accuracy of threat intelligence; conduct your own risk assessment in consultation with your security team. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2026-40861MEDIUMApache Airflow Path Traversal – Log Directory Symlink and Directory Escape Vulnerability
- CVE-2026-41236HIGHFroxlor 2.3.6 Symlink Privilege Escalation to Root
- CVE-2018-25384MEDIUMStored XSS in Wikidforum 2.20 Allows Authenticated Attackers to Inject Malicious Scripts
- CVE-2018-25387MEDIUMHaPe PKH 1.1 Cross-Site Request Forgery (CSRF) Admin Password Reset
- CVE-2018-25393MEDIUMNavigate CMS 2.8.5 Path Traversal Vulnerability (CVSS 6.5)
- CVE-2018-25397MEDIUMCSRF Vulnerability in PHP-SHOP 1.0 – Admin Account Injection
- CVE-2018-25421MEDIUMOpen STA Manager 2.3 Path Traversal File Download Vulnerability
- CVE-2018-25423MEDIUMBuffer Overflow Denial of Service in Arm Whois 3.11