How is CVE-2026-55198 exploited?

Network reachability (required): The session export endpoint is exposed over the network, so an attacker must be able to reach the service via HTTP/HTTPS. Authentication (required): Any low-privilege authenticated account is sufficient; no administrative or elevated permissions are needed. Victim interaction (not-required): No action from another user is needed; the attacker directly calls the export endpoint without any social-engineering step. Attack complexity (info): Exploitation is reliable and condition-free once the attacker has a valid session ID to target; no race conditions or special environmental factors apply.

What is the impact of CVE-2026-55198?

The attacker reads full session transcripts from other users' profiles, including all conversation history stored in those sessions. Any sensitive or confidential information a user typed into Hermes WebUI during a session is exposed to the attacker. Session identifiers for foreign sessions can be harvested, enabling the attacker to chain further unauthorized actions against those sessions. Integrity and availability of the targeted data are not directly affected; the impact is confined to confidentiality of session data.

Back to search

HIGHCVE-2026-55198Published 2026-06-17Modified 2026-06-17CNA VulnCheck

CVE-2026-55198: Hermes WebUI < 0.51.443 - Cross-Profile Session Data Exfiltration via Session Export Endpoint

Q: What is CVE-2026-55198?

An authorization bypass in the session export endpoint of Hermes WebUI (versions before 0.51.443) lets any authenticated user read session data belonging to other user profiles. The vulnerability is reachable over the network and requires only a low-privilege account, with no additional interaction from a victim. Successful exploitation gives an attacker full read access to foreign session transcripts, including conversation history and any sensitive data captured in those sessions. A patched-image rebuild at version 0.51.443 is available on HarborGuard for environments running an affected version.

Q: How is CVE-2026-55198 fixed?

A patched-image rebuild at Hermes WebUI 0.51.443 becomes available on HarborGuard for any environment where an affected image is detected. For customers with auto-remediation enabled, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The _handle_session_export handler in api/routes.py fails to verify active-profile ownership before serializing session data, enabling attackers to exfiltrate foreign session transcripts by guessing or knowing session identifiers.

CVSS v4.0: 7.1
Severity: HIGH
Fixed in: 0.51.443
Affected Products: 1

HarborGuard Analysis

Synopsis

An authorization bypass in the session export endpoint of Hermes WebUI (versions before 0.51.443) lets any authenticated user read session data belonging to other user profiles. The vulnerability is reachable over the network and requires only a low-privilege account, with no additional interaction from a victim. Successful exploitation gives an attacker full read access to foreign session transcripts, including conversation history and any sensitive data captured in those sessions. A patched-image rebuild at version 0.51.443 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-55198 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all images in customer registries and CI/CD pipelines, including custom-built images that bundle Hermes WebUI.

Available

Triage

HarborGuard scores this finding at CVSS 7.1 (High, v4.0) and can apply per-environment compliance policy weighting to adjust priority before routing the alert to the appropriate team inbox within each customer organization.

Available

Patch

A patched-image rebuild at Hermes WebUI 0.51.443 becomes available on HarborGuard for any environment where an affected image is detected. For customers with auto-remediation enabled, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

Network reachabilityRequired
The session export endpoint is exposed over the network, so an attacker must be able to reach the service via HTTP/HTTPS.
AuthenticationRequired
Any low-privilege authenticated account is sufficient; no administrative or elevated permissions are needed.
Victim interactionNot required
No action from another user is needed; the attacker directly calls the export endpoint without any social-engineering step.
Attack complexityDetail
Exploitation is reliable and condition-free once the attacker has a valid session ID to target; no race conditions or special environmental factors apply.

Blast Radius

The attacker reads full session transcripts from other users' profiles, including all conversation history stored in those sessions.
Any sensitive or confidential information a user typed into Hermes WebUI during a session is exposed to the attacker.
Session identifiers for foreign sessions can be harvested, enabling the attacker to chain further unauthorized actions against those sessions.
Integrity and availability of the targeted data are not directly affected; the impact is confined to confidentiality of session data.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-55198 is active across all connected registries and pipelines, with findings surfaced within minutes of the CVE's publication date of 2026-06-17. Where compliance policy permits, HarborGuard can rebuild affected images at the patched version 0.51.443 automatically. For customers who opt into auto-remediation, the typical flow is a rebuilt image, a regression-test run, and a PR opened against affected workloads, with a median time from CVE publication to merged patch PR of around 90 minutes for high-severity issues in environments with auto-remediation enabled. Customers who manage patching manually can retrieve the rebuilt image from their HarborGuard registry view and apply it on their own schedule.

See how HarborGuard automates this

Fix available

0.51.443

Patch commits

Patch Commit

Affected packages

nesquena / hermes-webui
< 0.51.443 (from 0)
Fixed in 0.51.443

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References

Metrics

Get notified

HarborGuard Analysis

Synopsis

HarborGuard Coverage

Exploit Conditions

Blast Radius

How HarborGuard Handles This

Fix available