How is CVE-2026-49959 exploited?

Network reachability (required): The attacker must reach the Hermes WebUI service over the network; the CVSS vector specifies AV:N, meaning the vulnerable API endpoint is exposed to network-accessible clients. Authentication (required): A valid account is required to exploit this vulnerability; the CVSS vector specifies PR:L, meaning any low-privilege authenticated user is sufficient and no admin account is needed. Victim interaction (not-required): No action by any other user or victim is needed; the attacker triggers the exploit entirely through their own requests to the API. Attack complexity (info): The CVSS vector specifies AC:L, meaning the exploit is reliable and requires no special race conditions, timing windows, or environmental prerequisites beyond authentication.

What is the impact of CVE-2026-49959?

The attacker executes arbitrary operating system commands on the host running Hermes WebUI, gaining full control of that process and its filesystem access. All data the application can read is exposed, including workspace contents, stored credentials, configuration secrets, and any secrets mounted into the container at runtime. The attacker can modify or delete application data, workspace files, and any persisted state the running process has write access to. The application process itself and any dependent services it communicates with can be disrupted or terminated, causing a service outage.

Back to search

HIGHCVE-2026-49959Published 2026-06-09Modified 2026-06-10CNA VulnCheck

CVE-2026-49959: Hermes WebUI < 0.51.311 RCE via Git Configuration Injection

Q: What is CVE-2026-49959?

This is a remote code execution vulnerability in Hermes WebUI, a web-based workspace management application. An authenticated attacker can reach the vulnerable endpoint over the network and inject malicious directives into a workspace repository's .git/config file, causing Git subprocesses to execute arbitrary operating system commands. Successful exploitation gives the attacker full command execution on the host running Hermes WebUI. A patched-image rebuild at version 0.51.311 is available on HarborGuard for environments running an affected version.

Q: How is CVE-2026-49959 fixed?

A patched-image rebuild pinned to Hermes WebUI 0.51.311 is available on HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard can trigger a rebuild, run a regression test suite against the new image, and open a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled.

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in api/workspace_git.py through vectors such as core.fsmonitor during git status, protocol.ext.allow with ext:: remotes during git fetch, credential.helper, core.askPass, core.gitProxy, or inherited environment variables including GIT_SSH_COMMAND to achieve arbitrary command execution on the host running the application.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: 0.51.311
Affected Products: 1

HarborGuard Analysis

Synopsis

This is a remote code execution vulnerability in Hermes WebUI, a web-based workspace management application. An authenticated attacker can reach the vulnerable endpoint over the network and inject malicious directives into a workspace repository's .git/config file, causing Git subprocesses to execute arbitrary operating system commands. Successful exploitation gives the attacker full command execution on the host running Hermes WebUI. A patched-image rebuild at version 0.51.311 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection capability for CVE-2026-49959 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images derived from nesquena/hermes-webui base layers. Any image with a package manifest or layer signature matching Hermes WebUI versions below 0.51.311 is flagged immediately.

Available

Triage

HarborGuard scores this CVE at 8.7 HIGH using the CVSS v4.0 vector and is capable of weighting that score against each customer environment's compliance policy to adjust priority (for example, elevating findings in production-facing namespaces). Routed findings can be directed to the appropriate team inbox within each customer org based on image ownership and policy configuration.

Available

Patch

A patched-image rebuild pinned to Hermes WebUI 0.51.311 is available on HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard can trigger a rebuild, run a regression test suite against the new image, and open a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled.

Available

Exploit Conditions

Network reachabilityRequired
The attacker must reach the Hermes WebUI service over the network; the CVSS vector specifies AV:N, meaning the vulnerable API endpoint is exposed to network-accessible clients.
AuthenticationRequired
A valid account is required to exploit this vulnerability; the CVSS vector specifies PR:L, meaning any low-privilege authenticated user is sufficient and no admin account is needed.
Victim interactionNot required
No action by any other user or victim is needed; the attacker triggers the exploit entirely through their own requests to the API.
Attack complexityDetail
The CVSS vector specifies AC:L, meaning the exploit is reliable and requires no special race conditions, timing windows, or environmental prerequisites beyond authentication.

Blast Radius

The attacker executes arbitrary operating system commands on the host running Hermes WebUI, gaining full control of that process and its filesystem access.
All data the application can read is exposed, including workspace contents, stored credentials, configuration secrets, and any secrets mounted into the container at runtime.
The attacker can modify or delete application data, workspace files, and any persisted state the running process has write access to.
The application process itself and any dependent services it communicates with can be disrupted or terminated, causing a service outage.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-49959 fires automatically when any scanned image contains Hermes WebUI below version 0.51.311, with results appearing in the customer dashboard within minutes of the advisory entering the feed. A patched-image rebuild at 0.51.311 is available for affected environments. Where compliance policy permits and auto-remediation is enabled, HarborGuard will rebuild the image, execute a regression test run against it, and open a pull request targeting affected workloads; for high-severity issues, the median time from CVE publication to a merged patch PR is around 90 minutes in auto-remediation-enabled environments. For environments where auto-remediation is not enabled, the finding is routed to the configured team inbox with the CVSS 8.7 HIGH score and remediation guidance attached, so engineers can act on an explicit upgrade to 0.51.311 directly.

See how HarborGuard automates this

Fix available

0.51.311

Patch commits

github.com

Affected packages

nesquena / hermes-webui
< 0.51.311 (from 0)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

Metrics

Get notified

HarborGuard Analysis

Synopsis

HarborGuard Coverage

Exploit Conditions

Blast Radius

How HarborGuard Handles This

Fix available