Cyber Resilience

CVE-2026-9367

Severity: Medium
Published: 24 May 2026
Modified: 26 May 2026
KEV Added: not listed
Patch: none available
CVSS v4 score: 5.5 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0175 (75.0th percentile)
Risk Priority: 12 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-9367 is a medium-severity command injection vulnerability (CWE-77, with CWE-78 OS command injection also cited). Its CVSS v4 base score is 5.5 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS places it in the top 25.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2026-9367 affects NousResearch hermes-agent up to commit 5157f5427f19488b31c6fdebbacd15d798ce7f63. The flaw is in the detect_dangerous_command function in tools/approval.py, part of the terminal_tool component. The public description says only that manipulation of this function results in OS command injection; given the function's name and location, the most plausible reading is that it is the check that screens shell commands before the agent runs them, and that crafted input gets past it. That is why the entry carries both CWE-77 (command injection) and CWE-78 (OS command injection). The attack is remote and needs neither authentication nor user interaction; the CVSS 4.0 score of 5.5 records limited impact on confidentiality, integrity and availability.

An unauthenticated remote attacker who can feed input to the affected function can execute operating system commands on the host running the agent, in the security context of the terminal_tool process. Although the CVSS vector scores each impact as Low, a practitioner should assume that command execution as the agent's user can read, alter or destroy anything that user can reach; the effective blast radius is set by how that process is sandboxed and what credentials, tokens and network paths it holds.

The exploit has been publicly disclosed through a gist and the VulDB entries. No vendor patch or mitigation guidance is available: the vendor was contacted early in the disclosure and did not respond. At the time of this analysis the EPSS score stood at 0.0214 and had shown no material increase since publication.


Vulnerability details

A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f19488b31c6fdebbacd15d798ce7f63. This affects the function detect_dangerous_command of the file tools/approval.py of the component terminal_tool. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

A remotely triggerable OS command injection is reached through the exposed application itself (T1190), and the injected payload is carried out by a Unix shell on the host (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1


Mitigating Controls

Likely Mitigating Controls (AI-generated mapping)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-78: Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection. For a component whose purpose is to run terminal commands, this limits blast radius rather than preventing injection; the sandbox around the terminal_tool process is what bounds the damage.
- Addresses CWE-78: Validates inputs to block special elements that would alter OS command execution. The validation has to operate on the command as the shell will parse it, not on the raw text, or quoting and expansion tricks will slip past it.
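The weakness class behind this entry, a dangerous-command gate in an agent's terminal tool that crafted input can get past, and the input-validation control listed above, illustrated with a constructed Python example. It is added here for illustration and is not hermes-agent's tools/approval.py, does not reproduce the CVE-2026-9367 bypass, and every pattern, allowlist entry and function name in it is an assumption. It contrasts a denylist over the raw command string, which common shell tricks evade, with a gate that parses the command, rejects shell metacharacters, allowlists the program and executes without a shell.

```python
"""Constructed example: a denylist-based dangerous-command gate for an
agent terminal tool beside a hardened alternative.  Not hermes-agent's
code and not the CVE-2026-9367 bypass; patterns and allowlist are
assumptions made for illustration."""
import re
import shlex
import subprocess
from typing import List, Optional

# --- Weak gate: regex denylist over the raw command string (assumed set) ---
DENY_PATTERNS = [
    r"\brm\s+-rf\b",
    r"\bmkfs\b",
    r"\bdd\s+if=",
    r"\bcurl\b.*\|\s*(ba)?sh\b",
]


def detect_dangerous_command_naive(cmd: str) -> bool:
    """Flag the command only if the raw text matches a known-bad pattern.

    Weak because the shell, not the regex, decides what the text means:
    quoting, $IFS, split flags and encoded payloads all change the text
    without changing what runs.
    """
    return any(re.search(p, cmd) for p in DENY_PATTERNS)


# Constructed inputs: each one runs `rm -rf /tmp/x` in a real shell,
# yet none matches the denylist above.
EVASIONS = [
    "rm${IFS}-rf${IFS}/tmp/x",                     # $IFS in place of spaces
    "r''m -rf /tmp/x",                             # empty quotes break the token
    "rm -r -f /tmp/x",                             # flags split apart
    "echo cm0gLXJmIC90bXAveA== | base64 -d | sh",  # base64 of "rm -rf /tmp/x"
]

# --- Hardened gate: parse, reject shell syntax, allowlist the program ---
# Any character that gives a POSIX shell something to interpret.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n*?~]")
# Assumed policy: a short list of read-only utilities.  Programs that can
# spawn other programs (sh, python, git, find with -exec) stay off it.
ALLOWED_PROGRAMS = {"ls", "cat", "grep", "echo", "wc"}


def screen_command(cmd: str) -> Optional[List[str]]:
    """Return argv if cmd is a single allowlisted invocation, else None."""
    if SHELL_META.search(cmd):
        return None
    try:
        argv = shlex.split(cmd)       # POSIX tokenisation, no expansion
    except ValueError:                # unbalanced quotes
        return None
    if not argv or argv[0] not in ALLOWED_PROGRAMS:
        return None
    return argv


def run_screened(cmd: str) -> Optional[subprocess.CompletedProcess]:
    """Execute only what the gate approved, as an argv list with no shell."""
    argv = screen_command(cmd)
    if argv is None:
        return None
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=10)


if __name__ == "__main__":
    for e in EVASIONS:
        verdict = "blocked" if screen_command(e) is None else "ALLOWED"
        print(f"naive={detect_dangerous_command_naive(e)!s:5} "
              f"hardened={verdict}  {e}")
    print(run_screened("echo hi").stdout.strip())
```

The naive gate and the shell disagree about what the text means, and the shell wins. The hardened gate is sound only because the decision and the execution share one parse: shlex produces the argv, and that same argv goes to subprocess.run with shell=False, so nothing is re-interpreted in between. The allowlist still needs review against the sandbox control above: cat and grep read any file the agent's user can, so the gate bounds what is executed, not what that program can reach.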
