CVE-2026-11322: Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve symlink targets without enforcing that the final path remains within the workspace, to read external host files accessible to the server process and disclose sensitive data such as SSH keys, cloud credentials, or application tokens.
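The defect described above, shown as an added illustration rather than code from Hermes WebUI or HarborGuard: the vulnerable join-then-open pattern beside a check that resolves symlinks and `..` segments before confirming the final path is still inside the workspace root. The workspace layout, file names and contents are constructed in a temporary directory for the demonstration.

```python
import os
import tempfile
from pathlib import Path

class WorkspaceEscape(Exception):
    """Requested path resolves outside the workspace root."""

def resolve_in_workspace(workspace_root: str, requested: str) -> str:
    """Map a client-supplied path to a real path inside the workspace, or raise.

    realpath() follows symlinks and collapses '..' *before* the containment
    check; skipping that resolution is the defect the advisory describes.
    """
    root = os.path.realpath(workspace_root)
    candidate = os.path.realpath(os.path.join(root, requested.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        raise WorkspaceEscape(f"{requested!r} resolves to {candidate!r}, outside {root!r}")
    return candidate

def unsafe_read(workspace_root: str, requested: str) -> str:
    # Vulnerable pattern: join then open; open() follows whatever the symlink targets.
    with open(os.path.join(workspace_root, requested)) as fh:
        return fh.read()

def safe_read(workspace_root: str, requested: str) -> str:
    # Hardened pattern: only open paths that pass the post-resolution check.
    with open(resolve_in_workspace(workspace_root, requested)) as fh:
        return fh.read()

def demo() -> dict:
    """Constructed layout: a workspace with one real file and a symlink to a file outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp, "outside_secret.txt")
        outside.write_text("SECRET")
        ws = Path(tmp, "workspace")
        ws.mkdir()
        Path(ws, "notes.txt").write_text("hello")
        Path(ws, "link").symlink_to(outside)
        results = {"in_tree": safe_read(str(ws), "notes.txt"),
                   "unsafe_follows_link": unsafe_read(str(ws), "link")}
        for name, req in (("safe_link", "link"), ("safe_dotdot", "../outside_secret.txt")):
            try:
                safe_read(str(ws), req)
                results[name] = "allowed"
            except WorkspaceEscape:
                results[name] = "rejected"
        return results
```

A listing endpoint needs the same treatment: apply `resolve_in_workspace` to each directory entry before returning it, since the advisory names the listing API as a reachable path as well.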
Metrics
- CVSS v4.0: 7.1
- Severity: HIGH
- Fixed in: 0.51.221
- Affected Products: 1
HarborGuard Analysis
Synopsis
Path traversal via symlink workspace bypass in Hermes WebUI allows an authenticated attacker to escape the intended workspace boundary through the file and listing APIs. The vulnerability is reachable over the network and requires only a low-privilege account; no victim interaction is needed. Successful exploitation gives the attacker read access to arbitrary files on the host that the server process can reach, such as SSH private keys, cloud credential files, and application tokens. A patched-image rebuild at version 0.51.221 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-11322 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images in connected registries and CI pipelines, including custom-built images that bundle Hermes WebUI. No manual configuration is required to trigger the scan.
HarborGuard is capable of scoring this CVE at CVSS 7.1 (High) and weighting it against each environment's compliance policy to determine alert priority. Triage results are routable to the appropriate team inbox within each customer organization based on image ownership and policy configuration.
A patched-image rebuild pinned to Hermes WebUI 0.51.221 becomes available through HarborGuard once the fix version is confirmed in the upstream package feed. For customers who opt into auto-remediation, HarborGuard can run a rebuilt image through regression tests and open a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
  The attacker must reach the Hermes WebUI service over the network; the vulnerable file and listing APIs are exposed via the web interface.
- Authentication: Required
  A low-privilege account is sufficient; any valid authenticated session can supply symlinks to the workspace APIs.
- Victim interaction: Not required
  The attacker exploits the API directly and does not need a user to take any action.
- Attack complexity: Low
  Exploitation is reliable and condition-free; no race conditions, memory layout dependencies, or special environmental factors are required.
Blast Radius
- Reads arbitrary files on the host that the server process has permission to open, including files outside the workspace root.
- Discloses SSH private keys stored on the host, enabling lateral movement to other systems.
- Exposes cloud provider credential files (for example, AWS credentials or GCP service account keys), allowing unauthorized API access to cloud resources.
- Leaks application tokens and configuration secrets accessible to the server process user.
How HarborGuard Handles This
Available on HarborGuard: images containing Hermes WebUI versions below 0.51.221 are flagged automatically as vulnerable once the CVE is ingested. Where compliance policy permits, a rebuild at the patched version 0.51.221 is staged for deployment; for customers with auto-remediation enabled, HarborGuard runs the rebuilt image through regression tests and opens a pull request against affected workloads (median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled). Until a rebuild is deployed, compensating controls worth considering include restricting network access to the Hermes WebUI service via network policy (limiting which pods or hosts can reach the API), and auditing the server process's filesystem permissions to reduce the set of sensitive files it can open.
Affected Products
- nesquena / Hermes WebUI: < 0.51.221 (from 0)
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N