CVE-2026-55197 | Severity: HIGH | CNA: VulnCheck

CVE-2026-55197: Hermes WebUI < 0.51.443 - Broken Access Control in /api/session Endpoint

Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that lets any authenticated user read session transcripts belonging to other profiles. The endpoint does not enforce the profile boundary on the requested session, so an attacker can substitute a session ID owned by another profile in a direct request, GET /api/session?session_id=<foreign_id>&messages=1, and retrieve that profile's conversation transcript and session metadata.

Metrics

CVSS v4.0: 7.1
Severity: HIGH
Fixed in: 0.51.443
Affected Products: 1


HarborGuard Analysis

Synopsis

Broken access control in the Hermes WebUI /api/session endpoint allows an authenticated user to read conversation transcripts and metadata belonging to other profiles. The vulnerability is reachable over the network and requires only a low-privilege account; no victim interaction is needed. Successful exploitation gives the attacker unauthorized read access to session transcripts and metadata across profile boundaries. A patched-image rebuild at version 0.51.443 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection (Available)

Detection of CVE-2026-55197 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that package Hermes WebUI. Any image running a version of nesquena/hermes-webui below 0.51.443 is flagged automatically.

Triage (Available)

HarborGuard scores this CVE at 7.1 HIGH using the CVSS v4.0 vector and can weight that score against each environment's compliance policy to determine urgency. Findings are routed to the appropriate team inbox within each customer organization based on configured policy rules.

Patch (Available)

A patched-image rebuild at version 0.51.443 is available on HarborGuard for any environment found running an affected image. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads.

Exploit Conditions

  • Network reachability: Required

    The /api/session endpoint is exposed over the network, so an attacker must be able to reach the service via HTTP/HTTPS.

  • Authentication: Required

    Any low-privilege account is sufficient; the attacker does not need admin rights, but a valid session credential is required.

  • Victim interaction: Not required

    The attacker queries the endpoint directly with no need to involve or deceive another user.

  • Attack complexity: Low

    Exploitation is reliable and condition-free (CVSS AC:L, AT:N); the attacker only needs to substitute a foreign session ID in a standard GET request.
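The following is an added illustration of the flaw class described above, not code from Hermes WebUI or from HarborGuard. It models the endpoint as two in-process handlers over a constructed session store: one that looks a session up by ID alone (the broken behaviour), and one that binds the lookup to the requesting profile (the shape of the fix). A probe function issues the equivalent of GET /api/session?session_id=<foreign_id>&messages=1 under the attacker's own identity so the two behaviours can be compared; the store layout, handler names, and response bodies are assumptions made for the example.

```python
"""Model of an IDOR-style broken access control in a session endpoint.

Added example; session layout, handler signatures and JSON shapes are
assumptions, not the Hermes WebUI implementation.
"""
from dataclasses import dataclass, field
from urllib.parse import parse_qs


@dataclass
class Session:
    session_id: str
    owner_profile: str
    created_at: str
    messages: list = field(default_factory=list)


# Constructed sample data: two profiles, one session each.
SESSIONS = {
    "sess-alice-1": Session("sess-alice-1", "alice", "2026-01-10T09:00:00Z",
                            ["user: remind me of the staging DB password",
                             "assistant: (redacted)"]),
    "sess-bob-7": Session("sess-bob-7", "bob", "2026-01-11T14:30:00Z",
                          ["user: draft the reorg memo",
                           "assistant: (redacted)"]),
}


def _render(session, include_messages):
    """Serialise a session the way a JSON API response might."""
    body = {
        "session_id": session.session_id,
        "profile": session.owner_profile,
        "created_at": session.created_at,
    }
    if include_messages:
        body["messages"] = list(session.messages)
    return 200, body


def api_session_vulnerable(store, requester_profile, session_id, messages=False):
    """Broken handler: authentication is assumed to have happened upstream,
    but the lookup never asks which profile owns the session."""
    session = store.get(session_id)
    if session is None:
        return 404, {"error": "not found"}
    return _render(session, messages)


def api_session_fixed(store, requester_profile, session_id, messages=False):
    """Profile-bound handler: the pair (session_id, requester_profile) is the
    effective key. A foreign ID gets the same 404 as a nonexistent one, so
    the endpoint does not confirm that other profiles' session IDs exist."""
    session = store.get(session_id)
    if session is None or session.owner_profile != requester_profile:
        return 404, {"error": "not found"}
    return _render(session, messages)


def handle_get(handler, store, requester_profile, query_string):
    """Parse the query string of GET /api/session and dispatch to a handler."""
    params = parse_qs(query_string)
    session_id = params.get("session_id", [""])[0]
    messages = params.get("messages", ["0"])[0] == "1"
    if not session_id:
        return 400, {"error": "session_id required"}
    return handler(store, requester_profile, session_id, messages)


def cross_profile_leak(handler, store, attacker_profile, victim_session_id):
    """Regression probe: does `handler` hand the attacker another profile's
    transcript? True means the profile boundary is not enforced."""
    status, body = handle_get(
        handler, store, attacker_profile,
        f"session_id={victim_session_id}&messages=1",
    )
    return status == 200 and "messages" in body


if __name__ == "__main__":
    for name, handler in (("vulnerable", api_session_vulnerable),
                          ("fixed", api_session_fixed)):
        leaked = cross_profile_leak(handler, SESSIONS, "alice", "sess-bob-7")
        print(f"{name}: alice reading bob's session -> leak={leaked}")
```

The probe is the check worth keeping in a test suite after upgrading: it should return False for every handler that serves session data, and the fixed handler should still return 200 with messages for the session's own profile. Returning 404 rather than 403 for a foreign ID is a deliberate choice in the example so the endpoint cannot be used to enumerate which session IDs belong to other profiles.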

Blast Radius

  • The attacker reads full conversation transcripts from sessions belonging to other profiles, exposing any sensitive content exchanged in those sessions.
  • Session metadata such as session IDs, timing, and profile associations is also disclosed, enabling further enumeration of other users' activity.
  • Confidentiality of all sessions accessible via the /api/session endpoint is compromised; no data is modified and no service availability impact occurs.

How HarborGuard Handles This

Available on HarborGuard: any image packaging nesquena/hermes-webui below 0.51.443 is detected automatically upon CVE ingestion and scored at 7.1 HIGH. For customers with auto-remediation enabled, a rebuild at the fixed version (0.51.443) is initiated, a regression test run is executed against the rebuilt image, and a pull request is opened against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuilt image and a triage report are staged and routed to the appropriate team inbox for review. Customers who cannot immediately update should consider restricting access to the /api/session endpoint via network policy to authenticated internal traffic only, limiting the pool of accounts that can reach the API until the patched image is deployed. That restriction narrows exposure but does not remove the flaw: every account that can still reach the endpoint can still read other profiles' sessions, so it is a stopgap, not a fix.


Fix available: 0.51.443
Patch commits
Affected packages
  • nesquena/hermes-webui: < 0.51.443 (from 0), fixed in 0.51.443

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N