What happened
A protection-mechanism failure in the shell.exec handler of hermes-agent's TUI gateway server permits remote triggering of shell command execution, with a public exploit already available. Published to NVD July 4, 2026, CVSS 6.3 (Medium).
Why it matters
hermes-agent is an agent framework where shell execution is a core capability; a bypass of the protections gating that capability effectively hands a remote attacker command execution on the host running the agent gateway — a direct agent-execution attack class with a public exploit, not merely theoretical.
Attack vector
The shell.exec function in tui_gateway/server.py fails to properly enforce its protection mechanism, allowing a remote actor to trigger unintended shell command execution against the agent gateway. The exploit has reportedly already been released publicly.
Affected systems
NousResearch hermes-agent ≤ 0.15.2
Mitigation
No fixed version confirmed at time of writing; monitor the NousResearch hermes-agent repository for a patch and restrict network exposure of the TUI gateway pending remediation.
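A defender-side check for the two facts this advisory gives, the affected range and the advice to restrict network exposure; it is an added example, not code from hermes-agent or from the advisory's author. The port number and the sample `ss -H -ltn` lines are constructed assumptions, since the page does not state which port the TUI gateway listens on.

```python
import ipaddress
import re

AFFECTED_MAX = (0, 15, 2)  # advisory: hermes-agent <= 0.15.2 is affected

# Constructed sample of `ss -H -ltn` output; port 8765 is a placeholder,
# not a documented hermes-agent default.
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:8765 0.0.0.0:*
LISTEN 0 128 [::1]:8765 [::]:*
LISTEN 0 128 0.0.0.0:8765 0.0.0.0:*
LISTEN 0 128 192.0.2.10:8765 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 *:22 *:*
"""

def parse_version(text):
    """Return the leading numeric release components, e.g. 'v0.15.2' -> (0, 15, 2)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def is_affected(version):
    """True if version falls in the advisory's stated range (<= 0.15.2).

    False only means 'outside the stated range'; no fixed release is confirmed.
    """
    v = parse_version(version)
    width = max(len(v), len(AFFECTED_MAX))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) <= pad(AFFECTED_MAX)

def exposed_listeners(ss_output, port):
    """Return bind addresses on `port` that are reachable beyond loopback."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, local_port = fields[3].rpartition(":")
        if local_port != str(port):
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        if host == "*" or not ipaddress.ip_address(host).is_loopback:
            exposed.append(host)
    return exposed

if __name__ == "__main__":
    print("0.15.2 affected:", is_affected("0.15.2"))
    print("non-loopback binds:", exposed_listeners(SAMPLE_SS, 8765))
```

On a live host, pass it the output of `ss -H -ltn` and the port your gateway is actually configured to use; any address it returns is a bind to move to loopback or place behind a firewall rule.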