CVE-2026-53871: Reliance on Cookies without Validation and Integrity Checking in nesquena hermes-webui
Hermes WebUI versions before 0.51.368 have an authorization bypass vulnerability due to reliance on cookies without validation and integrity checking. The vulnerability exists in the get_profile_cookie() function, which accepts unauthenticated profile names from the hermes_profile cookie. An authenticated attacker can forge this cookie to bypass profile-scoped authorization checks and access sessions, files, and resources across different profiles.
AI Analysis
Technical Summary
CVE-2026-53871 describes an authorization bypass vulnerability in nesquena's hermes-webui prior to version 0.51.368. The issue stems from the get_profile_cookie() function accepting unauthenticated profile names from the hermes_profile cookie without validation or integrity checks. This allows an authenticated attacker to forge the cookie value, bypassing profile-scoped authorization controls and gaining unauthorized access to sessions, files, and resources belonging to other profiles.
Potential Impact
The vulnerability allows an authenticated attacker to bypass profile-level authorization restrictions by forging the hermes_profile cookie. This can lead to unauthorized access to sessions, files, and resources across different user profiles, potentially exposing sensitive data and compromising user isolation within the application.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or patch link is provided, users should monitor the vendor's communications for updates. In the meantime, consider restricting access to trusted users and environments and avoid relying solely on cookie values for authorization decisions.
CVE-2026-53871: Reliance on Cookies without Validation and Integrity Checking in nesquena hermes-webui
Description
Hermes WebUI versions before 0.51.368 have an authorization bypass vulnerability due to reliance on cookies without validation and integrity checking. The vulnerability exists in the get_profile_cookie() function, which accepts unauthenticated profile names from the hermes_profile cookie. An authenticated attacker can forge this cookie to bypass profile-scoped authorization checks and access sessions, files, and resources across different profiles.
CVSS v4.0
Score 8.6high
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-53871 describes an authorization bypass vulnerability in nesquena's hermes-webui prior to version 0.51.368. The issue stems from the get_profile_cookie() function accepting unauthenticated profile names from the hermes_profile cookie without validation or integrity checks. This allows an authenticated attacker to forge the cookie value, bypassing profile-scoped authorization controls and gaining unauthorized access to sessions, files, and resources belonging to other profiles.
Potential Impact
The vulnerability allows an authenticated attacker to bypass profile-level authorization restrictions by forging the hermes_profile cookie. This can lead to unauthorized access to sessions, files, and resources across different user profiles, potentially exposing sensitive data and compromising user isolation within the application.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or patch link is provided, users should monitor the vendor's communications for updates. In the meantime, consider restricting access to trusted users and environments and avoid relying solely on cookie values for authorization decisions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-06-10T21:23:54.283Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a32e8dcf198dc38c1e39893
Added to database: 6/17/2026, 6:35:08 PM
Last enriched: 6/17/2026, 6:50:05 PM
Last updated: 6/17/2026, 9:04:36 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.