Vulnerability  ·  2026-07-11

Hermes WebUI — Authentication Bypass via Spoofed X-Forwarded-For Enables SSRF and Config Takeover (CVSS 9.1)

VulnerabilityHigh impactGlobalCVE-2026-58122
Hermes WebUI before 0.51.307 restricts onboarding endpoints to local-origin IPs, but the check trusts a client-supplied X-Forwarded-For header. An unauthenticated remote attacker can spoof a loopback address in this header to bypass the restriction, then perform SSRF against internal services (including cloud metadata endpoints), overwrite LLM provider configuration and API keys with attacker-controlled values, or initiate OAuth device-code flows to obtain persistent access tokens stored in auth.json.
A self-hosted AI chat platform's entire trust boundary for sensitive onboarding/config endpoints collapses to a single spoofable HTTP header, letting a remote unauthenticated attacker pivot to cloud metadata SSRF and hijack the LLM provider configuration and stored credentials — a full compromise of the deployment's AI backend trust chain.
Unauthenticated request to onboarding endpoint with spoofed X-Forwarded-For: 127.0.0.1 header bypasses local-origin IP restriction, enabling SSRF and config/API-key overwrite
Hermes WebUI < 0.51.307
Upgrade to Hermes WebUI ≥0.51.307; do not trust client-supplied X-Forwarded-For for authentication decisions
Sherlock ForensicsTheHackerWire
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →