How is CVE-2026-49956 exploited?

Network reachability (required): The attacker must reach the Hermes WebUI service over the network to send crafted requests to the sessions search endpoint. Authentication (required): Any low-privilege authenticated account is sufficient; no administrative or elevated permissions are needed. Victim interaction (not-required): The attacker sends requests directly to the endpoint; no action from another user is needed. Attack complexity (info): The exploit is reliable and condition-free; no race conditions or special environmental factors are required.

What is the impact of CVE-2026-49956?

The attacker reads session titles from profiles other than their own active profile. The attacker reads full transcript message content from those foreign profiles, potentially exposing private conversations or sensitive data exchanged in other users' sessions. Confidentiality of all sessions indexed by the search endpoint is compromised for any authenticated user on the instance.

Back to search

HIGHCVE-2026-49956Published 2026-06-09Modified 2026-06-09CNA VulnCheck

CVE-2026-49956: Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search

Q: What is CVE-2026-49956?

An authentication bypass of profile isolation in Hermes WebUI (versions before 0.51.269) lets any logged-in user read session data belonging to other users' profiles by querying the sessions search endpoint, which fails to enforce active-profile filtering. The vulnerability is reachable over the network and requires only a low-privilege account; no special permissions or victim interaction are needed. Successful exploitation exposes session titles and transcript message content from profiles the attacker does not own. A patched-image rebuild at version 0.51.269 is available on HarborGuard for environments running an affected version.

Q: How is CVE-2026-49956 fixed?

A patched-image rebuild at Hermes WebUI 0.51.269 becomes available on HarborGuard once the fix version is confirmed in the upstream feed. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads automatically.

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to retrieve session titles and transcript message content from profiles other than their own active profile.

CVSS v4.0: 7.1
Severity: HIGH
Fixed in: 0.51.269
Affected Products: 1

HarborGuard Analysis

Synopsis

An authentication bypass of profile isolation in Hermes WebUI (versions before 0.51.269) lets any logged-in user read session data belonging to other users' profiles by querying the sessions search endpoint, which fails to enforce active-profile filtering. The vulnerability is reachable over the network and requires only a low-privilege account; no special permissions or victim interaction are needed. Successful exploitation exposes session titles and transcript message content from profiles the attacker does not own. A patched-image rebuild at version 0.51.269 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-49956 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images in connected registries and CI pipelines, including custom-built images that package Hermes WebUI.

Available

Triage

HarborGuard scores this CVE at CVSS 7.1 (HIGH) and can weight that score against each environment's compliance policy to determine urgency; findings are routable to the appropriate team inbox within each customer organization based on configured ownership rules.

Available

Patch

A patched-image rebuild at Hermes WebUI 0.51.269 becomes available on HarborGuard once the fix version is confirmed in the upstream feed. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

Network reachabilityRequired
The attacker must reach the Hermes WebUI service over the network to send crafted requests to the sessions search endpoint.
AuthenticationRequired
Any low-privilege authenticated account is sufficient; no administrative or elevated permissions are needed.
Victim interactionNot required
The attacker sends requests directly to the endpoint; no action from another user is needed.
Attack complexityDetail
The exploit is reliable and condition-free; no race conditions or special environmental factors are required.

Blast Radius

The attacker reads session titles from profiles other than their own active profile.
The attacker reads full transcript message content from those foreign profiles, potentially exposing private conversations or sensitive data exchanged in other users' sessions.
Confidentiality of all sessions indexed by the search endpoint is compromised for any authenticated user on the instance.

How HarborGuard Handles This

Available on HarborGuard: images running Hermes WebUI below 0.51.269 are flagged as soon as the CVE is ingested, typically within minutes of publication. Where compliance policy permits, a rebuilt image at version 0.51.269 is made available immediately, and customers with auto-remediation enabled receive a full rebuild, a regression test run, and a PR opened against affected workloads. For high-severity issues in auto-remediation environments, the median time from CVE publication to merged patch PR is around 90 minutes. For environments where auto-remediation is not enabled, HarborGuard surfaces the finding with CVSS 7.1 HIGH scoring and routes it to the configured team inbox so that a manual upgrade to 0.51.269 can be prioritized. As a compensating control while remediation is in progress, network-policy rules that restrict access to the Hermes WebUI sessions search endpoint to only known trusted internal sources can reduce the exposed attack surface.

See how HarborGuard automates this

Fix available

0.51.269

Patch commits

github.com

Affected packages

nesquena / hermes-webui
< 0.51.269 (from 0)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References

Metrics

Get notified

HarborGuard Analysis

Synopsis

HarborGuard Coverage

Exploit Conditions

Blast Radius

How HarborGuard Handles This

Fix available