CVE-2026-11322: CWE-59 Improper Link Resolution Before File Access ('Link Following') in nesquena Hermes WebUI
CVE-2026-11322 is a path traversal vulnerability in nesquena Hermes WebUI versions prior to 0. 51. 221. It allows attackers with limited privileges to supply symbolic links that resolve outside the intended workspace directory. This improper link resolution enables reading of files outside the workspace boundary, potentially exposing sensitive data such as SSH keys, cloud credentials, or application tokens. The vulnerability affects the workspace file and listing APIs that do not enforce path restrictions after symlink resolution. The CVSS score is 6. 5, indicating a medium severity level. No official patch or remediation guidance is currently available from the vendor. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
Hermes WebUI before version 0.51.221 contains a CWE-59 improper link resolution vulnerability. Attackers can exploit the workspace file and listing APIs by providing symlinks that resolve to locations outside the workspace root. Because the application does not verify that the resolved path remains within the workspace, this allows unauthorized reading of arbitrary files accessible to the server process. The vulnerability can lead to disclosure of sensitive host files including SSH keys and cloud credentials. The CVSS 3.1 base score is 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), reflecting network attack vector, low attack complexity, required privileges, no user interaction, unchanged scope, and high confidentiality impact without integrity or availability impact. No patch or official remediation level has been published by the vendor as of the publication date.
Potential Impact
Successful exploitation allows an attacker with limited privileges to read arbitrary files on the server hosting Hermes WebUI by bypassing workspace directory restrictions via symlink resolution. This can lead to disclosure of sensitive information such as SSH private keys, cloud service credentials, and application tokens. There is no indication of integrity or availability impact. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the Hermes WebUI server to trusted users only and monitor for suspicious activity. Avoid exposing the service to untrusted networks. Do not rely on the workspace file and listing APIs for sensitive operations without additional access controls.
CVE-2026-11322: CWE-59 Improper Link Resolution Before File Access ('Link Following') in nesquena Hermes WebUI
Description
CVE-2026-11322 is a path traversal vulnerability in nesquena Hermes WebUI versions prior to 0. 51. 221. It allows attackers with limited privileges to supply symbolic links that resolve outside the intended workspace directory. This improper link resolution enables reading of files outside the workspace boundary, potentially exposing sensitive data such as SSH keys, cloud credentials, or application tokens. The vulnerability affects the workspace file and listing APIs that do not enforce path restrictions after symlink resolution. The CVSS score is 6. 5, indicating a medium severity level. No official patch or remediation guidance is currently available from the vendor. There are no known exploits in the wild at this time.
CVSS v3.1
Score 6.5medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Hermes WebUI before version 0.51.221 contains a CWE-59 improper link resolution vulnerability. Attackers can exploit the workspace file and listing APIs by providing symlinks that resolve to locations outside the workspace root. Because the application does not verify that the resolved path remains within the workspace, this allows unauthorized reading of arbitrary files accessible to the server process. The vulnerability can lead to disclosure of sensitive host files including SSH keys and cloud credentials. The CVSS 3.1 base score is 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), reflecting network attack vector, low attack complexity, required privileges, no user interaction, unchanged scope, and high confidentiality impact without integrity or availability impact. No patch or official remediation level has been published by the vendor as of the publication date.
Potential Impact
Successful exploitation allows an attacker with limited privileges to read arbitrary files on the server hosting Hermes WebUI by bypassing workspace directory restrictions via symlink resolution. This can lead to disclosure of sensitive information such as SSH private keys, cloud service credentials, and application tokens. There is no indication of integrity or availability impact. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the Hermes WebUI server to trusted users only and monitor for suspicious activity. Avoid exposing the service to untrusted networks. Do not rely on the workspace file and listing APIs for sensitive operations without additional access controls.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-06-04T21:29:10.986Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a21f664e29bf47b50d67d4e
Added to database: 6/4/2026, 10:04:20 PM
Last enriched: 6/4/2026, 10:18:32 PM
Last updated: 6/5/2026, 12:59:31 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.