Submission #812230: NousResearch hermes-agent 2026.4.23 Incorrect Comparison (CWE-697)

Information

Title: NousResearch hermes-agent 2026.4.23 Incorrect Comparison (CWE-697)
Description:

# Technical Details

A Remote Code Execution vulnerability via configuration bypass exists in the `_discover_dashboard_plugins()` method in `hermes_cli/web_server.py` of hermes-agent. The application does not parse boolean environment variables safely when checking whether project plugins are enabled (specifically `HERMES_ENABLE_PROJECT_PLUGINS`): it treats non-empty opt-out strings such as `false` as truthy in a Python boolean context instead of using the secure `utils.env_var_enabled` helper.

# Vulnerable Code

File: hermes_cli/web_server.py
Method: _discover_dashboard_plugins()
Why: The check fetches the raw string with `os.environ.get("HERMES_ENABLE_PROJECT_PLUGINS")` and uses it directly as a boolean. Because any non-empty string, including "false", is truthy, the user's protective opt-out is flipped into an opt-in. The platform then automatically imports and runs custom local plugins through `_mount_plugin_api_routes()`.

# Reproduction

1. Ensure the user environment sets `HERMES_ENABLE_PROJECT_PLUGINS=false`.
2. Navigate to an attacker-controlled directory containing malicious dashboard plugins (`.hermes/plugins/<name>/dashboard/manifest.json` pointing to `api.py`).
3. Start the CLI web-dashboard interface via `hermes --web`.
4. The system interprets `false` as enabled and imports the malicious `api.py` module, immediately executing the attacker's code with the privileges of the hermes process.

# Impact

- Pre-auth Remote Code Execution (RCE).
- Users who deliberately disable project plugins are the ones exposed: the opt-out they rely on is silently ignored when they open the dashboard inside an untrusted repository.
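To make the two checks the description contrasts concrete, here is a small added Python example; it is not code from hermes-agent. `plugins_enabled_naive` reproduces the raw-truthiness pattern attributed to `_discover_dashboard_plugins()`, and `env_var_enabled` is a hypothetical hardened stand-in for the project's `utils.env_var_enabled` helper, whose real implementation is not on this page. The plugin-mounting step is simulated as a list return rather than an import.

```python
import os
from typing import Iterable, List, Mapping, Optional

# Explicit opt-in / opt-out spellings (constructed list; adjust to the project's conventions).
_TRUE_VALUES = {"1", "true", "yes", "on"}
_FALSE_VALUES = {"0", "false", "no", "off", ""}


def plugins_enabled_naive(environ: Optional[Mapping[str, str]] = None) -> bool:
    """The pattern the description attributes to _discover_dashboard_plugins():
    the raw string is used as a boolean, so any non-empty value, even 'false', is truthy."""
    environ = os.environ if environ is None else environ
    return bool(environ.get("HERMES_ENABLE_PROJECT_PLUGINS"))


def env_var_enabled(name: str, default: bool = False,
                    environ: Optional[Mapping[str, str]] = None) -> bool:
    """Hypothetical hardened helper (not the project's utils.env_var_enabled).
    Unset -> default; known opt-out spellings -> False; unknown strings -> default (fail closed)."""
    environ = os.environ if environ is None else environ
    raw = environ.get(name)
    if raw is None:
        return default
    value = raw.strip().lower()
    if value in _TRUE_VALUES:
        return True
    if value in _FALSE_VALUES:
        return False
    return default  # e.g. "maybe": never guess in favour of loading code


def discover_dashboard_plugins(candidates: Iterable[str],
                               environ: Optional[Mapping[str, str]] = None,
                               hardened: bool = True) -> List[str]:
    """Return the plugin names that would be mounted under the chosen check.
    Importing .hermes/plugins/<name>/dashboard/api.py is out of scope here."""
    if hardened:
        enabled = env_var_enabled("HERMES_ENABLE_PROJECT_PLUGINS", environ=environ)
    else:
        enabled = plugins_enabled_naive(environ)
    return list(candidates) if enabled else []


if __name__ == "__main__":
    # Constructed scenario: the user opted out, but the current repo ships a plugin.
    env = {"HERMES_ENABLE_PROJECT_PLUGINS": "false"}
    print("naive   :", discover_dashboard_plugins(["untrusted"], env, hardened=False))  # ['untrusted']
    print("hardened:", discover_dashboard_plugins(["untrusted"], env))                 # []
```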
Source: https://gist.github.com/YLChen-007/062b77ceac6aa9844842a616f5d2ef30
User: Eric-i (UID 97584)
Submitted: 24/04/2026 03:03 PM (1 month ago)
Moderated: 23/05/2026 12:33 PM (29 days later)
Status: Approved
VulDB Entry: 365332 [NousResearch hermes-agent 2026.4.23 CLI web-dashboard Interface hermes_cli/web_server.py _discover_dashboard_plugins HERMES_ENABLE_PROJECT_PLUGINS privilege escalation]
Points: 20
