HIGH 7.7

CVE-2026-49957: Hermes WebUI Workspace Boundary Bypass (v0.51.296)

Hermes WebUI versions before 0.51.296 contain a flaw in how they validate workspace boundaries for remote terminal sessions. An attacker who has legitimate access to the system can trick the application into accepting a system directory like /etc as a valid workspace root, bypassing security checks designed to prevent this. Once bypassed, the attacker can read sensitive files from the system through the workspace file-read features, effectively escaping the intended sandbox that should contain their access to user-specific directories.

Source data · NVD / CISA · public domain

CVSS
3.1 · 7.7 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Weaknesses (CWE)
CWE-22
Affected products
0 configuration(s)
Published / Modified
2026-06-09 / 2026-07-14

NVD description (verbatim)

Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within _remote_terminal_workspace_candidate(). Attackers can configure a remote terminal working directory to a system directory such as /etc, causing the workspace resolution path to accept it as a trusted local workspace root before the _is_blocked_workspace_path() guard executes, enabling read access to local system files through workspace file-read helpers.

5 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability exists in the _remote_terminal_workspace_candidate() function, which resolves workspace paths for SSH and remote terminal profiles. The function contains a logic flaw where it returns early and accepts a workspace directory before the _is_blocked_workspace_path() validation guard executes. This allows authenticated users to configure remote terminal working directories pointing to protected system paths like /etc. The premature acceptance bypasses the path boundary check, enabling subsequent file-read helpers to access files outside the intended workspace isolation boundary. The root cause is an ordering issue in the security validation chain rather than a missing check entirely.

Business impact

Organizations using Hermes WebUI face a risk of unauthorized disclosure of sensitive system configuration files that should remain restricted. Authenticated users—whether internal staff, contractors, or compromised accounts—could potentially read /etc/passwd, configuration files, or other system metadata that could inform further attacks or reveal sensitive configuration details. This escalates the risk profile of any compromised user account on the system, as their effective permissions exceed what the application intended to grant.

Affected systems

Hermes WebUI versions prior to 0.51.296 are affected. No other vendors or products are identified in the vulnerability record. Organizations should identify all running instances of Hermes WebUI and determine their current version to assess exposure.

Exploitability

Exploitation requires valid authentication credentials—this is not an unauthenticated attack. The vulnerability scores HIGH (7.7 CVSS) despite the authentication requirement because the impact is severe (high confidentiality) and the attack complexity is low. Once authenticated, no complex setup or user interaction is needed; the attacker simply configures a remote terminal profile with a blocked path. The attack succeeds against the network boundary (AV:N), meaning remote exploitation is possible for any user with valid credentials, including those accessing the system over the network.

Remediation

Upgrade Hermes WebUI to version 0.51.296 or later. This version addresses the early-return logic flaw in the workspace resolution function. Organizations should prioritize this patch for instances exposed to untrusted or semi-trusted user populations. If an immediate upgrade is not feasible, restrict authentication credentials to only fully trusted users and monitor file access patterns for anomalous reads of system directories through the workspace API.

Patch guidance

Apply the update to Hermes WebUI 0.51.296 or later as soon as possible, particularly if the system is exposed to multiple user accounts or federated identity sources. Verify the patch by checking the running version in the WebUI administration panel or through the application logs. Test the patch in a non-production environment first to confirm no disruption to legitimate remote terminal workflows. The patch should restore proper validation order in the workspace resolution logic without requiring configuration changes.

Detection guidance

Monitor Hermes WebUI logs for remote terminal profile creation or modification attempts that reference system paths (e.g., /etc, /var, /sys). Look for file-read API calls that access paths outside the user's declared workspace root, particularly from authenticated sessions. Query application audit logs for workspace resolution failures or security guard bypasses if the logging is sufficiently detailed. Network-based detection is difficult since the attack uses legitimate WebUI endpoints; detection relies on understanding the application's intended behavior and identifying deviations. Alerting on configuration of remote terminal working directories that begin with / and are not user home directories may help identify suspicious activity.

Why prioritize this

This vulnerability merits prompt attention despite the authentication requirement because: (1) HIGH severity with confirmed confidentiality impact; (2) low attack complexity—no sophisticated exploitation steps required; (3) affects the workspace isolation model, which is a foundational security boundary; (4) not yet in the CISA KEV catalog, indicating less industry awareness and potentially lower patch adoption; (5) any organization with multi-user or federated access to Hermes WebUI faces meaningful risk. Prioritize patching instances in high-sensitivity environments first.

Risk score, explained

The CVSS 3.1 score of 7.7 reflects HIGH severity. The score captures: (1) Network exploitability (AV:N)—authenticated users can attack from the network; (2) Low attack complexity (AC:L)—no special conditions or user interaction required; (3) Low privilege requirement (PR:L)—any authenticated user can exploit this; (4) Scope change (S:C)—the impact extends beyond the vulnerable component to the broader system; (5) High confidentiality impact (C:H)—unauthorized file read access to system files; (6) No integrity or availability impact (I:N, A:N). The authentication requirement prevents a higher score, but the broad impact and ease of exploitation within the authenticated context justify the HIGH rating.

Frequently asked questions

Do we need to patch immediately if we only allow trusted admins to use Hermes WebUI?

The risk is lower in admin-only environments, but patching remains prudent. Compromise of a single admin account or credential theft would give an attacker system file read access they shouldn't have. Also, trust models can change—applications may be repurposed or user bases expanded. Patching removes this attack vector entirely and should not disrupt legitimate workflows.

Can this vulnerability be exploited without configuring a remote terminal?

No. The attacker must actively configure or modify a remote terminal profile with a system directory path as the working directory. This is not a silent or passive vulnerability; it requires deliberate action by the authenticated user. However, this action is straightforward and leaves minimal forensic traces if not logged in detail.

If I upgrade to 0.51.296, do I need to reconfigure existing remote terminal profiles?

No. The patch corrects the validation logic and does not change the configuration interface or schema. Existing legitimate profiles will continue to work. Profiles that were previously configured with blocked paths (e.g., /etc) will be rejected on next use, prompting the user to provide a valid workspace directory. This is the intended behavior and indicates the fix is working.

Is there a workaround if we cannot patch immediately?

No technical workaround fully mitigates this vulnerability. Your best interim controls are: (1) restrict authentication credentials to fully trusted users only; (2) implement network-level access controls to limit who can reach Hermes WebUI; (3) audit and monitor file access patterns; (4) prepare the patch deployment so you can apply it quickly when ready. Plan to patch within 30 days if possible.

This analysis is provided for informational purposes to support vulnerability management and patch prioritization. SEC.co does not provide legal or compliance advice. Organizations should verify all patch versions, supported platforms, and vendor advisories directly with Hermes WebUI documentation and release notes. Exploit code, weaponization details, and proof-of-concept payloads are deliberately not included in this analysis. Test patches in non-production environments before deployment. This vulnerability information is current as of the publication date; refer to official sources for updates. Source: NVD (public-domain), retrieved 2026-07-18. Analysis generated by SEC.co (claude-haiku-4-5).