CVE-2026-9367
Published: 24 May 2026
Summary
CVE-2026-9367 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 25.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
Deeper analysis
A vulnerability identified as CVE-2026-9367 exists in NousResearch hermes-agent up to commit 5157f5427f19488b31c6fdebbacd15d798ce7f63. It resides in the detect_dangerous_command function within the tools/approval.py file of the terminal_tool component and stems from improper handling that permits OS command injection, corresponding to CWE-77 and CWE-78. The issue can be triggered remotely without authentication or user interaction, yielding a CVSS 4.0 score of 5.5 that reflects limited impacts to confidentiality, integrity, and availability.
An unauthenticated remote attacker can supply crafted input to the affected function and execute arbitrary operating system commands on the host running the agent. Successful exploitation grants the ability to run commands in the context of the terminal_tool process, potentially leading to unauthorized access or manipulation of the underlying system.
The exploit has been publicly disclosed via a gist and VulDB entries. No vendor patch or mitigation guidance is available: the vendor was contacted early about the disclosure but did not respond. The associated EPSS score remains flat at 0.0214, with no material increase observed since publication.
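As an added illustration of the class of check a terminal-tool approval gate such as detect_dangerous_command performs (this is not hermes-agent's code, and not a reconstruction of this CVE's root cause, which the advisory does not describe): a fail-closed gate that splits a proposed command into its shell segments before deciding whether a human must approve it. The allowlist and the operator sets are assumed policy.

```python
import shlex

# Constructed illustration (not hermes-agent code): a command-approval gate of
# the kind a terminal tool runs before executing a command an agent proposes.
# The policy is assumed: binaries an agent may run without human approval.
ALLOWED_BINARIES = {"ls", "cat", "grep", "echo", "pwd", "git"}
# Operators that chain commands; each segment they separate is checked alone.
SEPARATORS = {";", "&&", "||", "|", "&"}
# Redirection, subshell and grouping tokens: always escalated.
ESCALATE_TOKENS = {"(", ")", "<", ">", ">>", "<<"}


def split_segments(command: str) -> list[list[str]]:
    """Tokenize like a POSIX shell and return one argv list per command.
    punctuation_chars=True makes shlex emit ';', '&&', '|' etc. as their own
    tokens instead of gluing them to adjacent words (so "ls;rm" is two
    commands). Raises ValueError on unbalanced quotes."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    segments, current = [], []
    for tok in lexer:
        if tok in SEPARATORS:
            if current:
                segments.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        segments.append(current)
    return segments


def needs_approval(command: str) -> bool:
    """True if the command must go to a human before execution. Fails closed:
    an empty or unparseable command is escalated, as is any segment whose
    first word is not allowlisted or that carries command substitution
    ($... or backticks), a subshell or a redirection."""
    try:
        segments = split_segments(command)
    except ValueError:
        return True
    if not segments:
        return True
    for argv in segments:
        if any(t in ESCALATE_TOKENS or "$" in t or "`" in t for t in argv):
            return True
        if argv[0] not in ALLOWED_BINARIES:
            return True
    return False
```

The point of parsing rather than string-matching is that every chained segment is judged on its own, and anything the parser cannot make sense of is escalated instead of silently allowed.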
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-31579
Vulnerability details
A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f19488b31c6fdebbacd15d798ce7f63. This affects the function detect_dangerous_command of the file tools/approval.py of the component terminal_tool. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
A remote OS command injection vulnerability directly enables exploitation of public-facing applications (T1190) and Unix shell command execution (T1059.004).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.