What happened
A path traversal vulnerability in hermes-agent's webhook media-extraction handler allows a remote, unauthenticated attacker to read files on the gateway host via crafted webhook requests. Published to NVD on July 4, 2026 with a CVSS score of 5.3 (Medium); a public exploit exists.
Why it matters
Any file readable by the gateway process on the host running the agent gateway can be read remotely without authentication. That can include configuration files, credentials or API keys the agent uses, and conversation logs it handles. Because the endpoint is unauthenticated, exposure is determined entirely by who can reach it on the network.
Attack vector
The extract_media function in gateway/platforms/base.py uses a file path derived from webhook input without canonicalizing it and confirming it stays inside the intended media directory. A remote, unauthenticated attacker who can reach the Live Webhook Endpoint can therefore supply a path that escapes that directory and read arbitrary files the process has access to.
Affected systems
NousResearch hermes-agent, all versions up to and including 2026.5.16
Mitigation
No confirmed fixed version at publication; the vendor is reported to have been unresponsive to disclosure, so do not assume an update will arrive. Workarounds until a fix is available:
- Do not expose the live webhook endpoint to untrusted networks. Disable it if it is not needed; otherwise restrict it with a network allowlist or put it behind an authenticating reverse proxy.
- Run the gateway as a low-privilege user with no read access to credentials, configuration or logs it does not need, so that a successful read discloses as little as possible.
- If you can patch locally, canonicalize every webhook-derived path and reject any result that does not sit strictly inside the intended media directory, rather than attempting to strip traversal sequences from the input.
- Review webhook request logs for path segments containing ".." or encoded equivalents, which indicate traversal attempts against this endpoint.
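The following is an added illustration of the bug class described under Attack vector and of the path-containment workaround under Mitigation. It is not hermes-agent's extract_media code and does not reproduce the actual handler; the function names, the media directory and the sample files are constructed for this example. It shows a vulnerable join-and-trust pattern beside a hardened resolve-and-contain pattern, and a demo that builds a throwaway directory tree to confirm which variant discloses a file outside the media root.

```python
"""Webhook-supplied media path: vulnerable join vs. contained resolve.

Illustrative code written for this advisory page, not the project's own
implementation. All names here are hypothetical.
"""
import os
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when a webhook-supplied path would land outside the media root."""


def resolve_media_path_unsafe(media_root, user_path: str) -> Path:
    """Vulnerable pattern: join untrusted input onto the root and trust the result.

    Joining is not containment: '..' segments climb out of the root, and an
    absolute user_path makes pathlib discard the root entirely.
    """
    return Path(media_root) / user_path


def resolve_media_path(media_root, user_path: str) -> Path:
    """Hardened pattern: resolve, then require the result to sit under the root.

    resolve() collapses '..' lexically for files that do not exist yet and
    follows symlinks for ones that do, so a link planted inside the root that
    points outside it fails the check as well. Checking after resolution is
    what makes this robust; stripping '../' from the input is not.
    """
    root = Path(media_root).resolve()
    candidate = (root / user_path).resolve()
    if root not in candidate.parents:
        raise UnsafePathError(f"path escapes media root: {user_path!r}")
    return candidate


def escapes_media_root(media_root, user_path: str) -> bool:
    """True if the hardened resolver would reject user_path."""
    try:
        resolve_media_path(media_root, user_path)
    except UnsafePathError:
        return True
    return False


def demo_traversal() -> dict:
    """Build a throwaway tree with a secret outside the media root and compare.

    The directory layout and file contents are constructed for this demo.
    Returns which variant disclosed the secret; nothing touches the network.
    """
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        media = base / "media"
        media.mkdir()
        (media / "avatar.png").write_bytes(b"PNG-ish bytes")
        (base / "secret.env").write_text("API_KEY=constructed-example\n")

        traversal = "../secret.env"  # what a crafted webhook payload might carry

        # Vulnerable variant: the OS resolves '..' at open time and the read succeeds.
        leaked = resolve_media_path_unsafe(media, traversal).read_text()

        # Hardened variant: the same input is rejected before any file is opened.
        blocked = escapes_media_root(media, traversal)

        # A legitimate relative path inside the root still works.
        legit = resolve_media_path(media, "avatar.png").read_bytes()

        return {"unsafe_leaked": leaked, "safe_blocked": blocked, "legit_bytes": legit}


if __name__ == "__main__":
    print(demo_traversal())
```

The containment check compares resolved paths rather than string prefixes, which avoids the classic mistake of accepting /srv/media-private when the root is /srv/media. It does not address a race between the check and the later open; if the media directory is writable by others, open the file with O_NOFOLLOW or under a directory file descriptor as well.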