CVE-2026-14626 in hermes-agent
Summary
by MITRE • 07/04/2026
A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 07/04/2026
The vulnerability identified in NousResearch hermes-agent version 2026.4.30 represents a critical denial of service weakness within the HTTP API component that specifically affects the AIAgent.run_conversation function in run_agent.py. This flaw manifests through improper handling of the todos argument parameter, creating a pathway for malicious actors to disrupt system operations. The vulnerability's remote exploitability means that attackers can initiate attacks without physical access to the target system, making it particularly dangerous in networked environments where the API is exposed to external traffic.
The technical implementation of this vulnerability stems from inadequate input validation and sanitization within the argument processing pipeline. When the todos parameter is manipulated in specific ways, it triggers unexpected behavior in the conversation execution logic that can cause the application to hang, crash, or become unresponsive to legitimate requests. This weakness falls under the category of improper input handling that aligns with CWE-20, which addresses "Improper Input Validation" as a fundamental security flaw pattern. The vulnerability's impact extends beyond simple service interruption since it can be leveraged to create persistent denial of service conditions that may require system restarts or manual intervention to resolve.
The operational consequences of this vulnerability are significant for any organization relying on the hermes-agent framework, particularly those using the HTTP API for automated conversation processing or integration with other systems. Attackers can exploit this weakness to systematically disrupt services, potentially causing cascading failures in dependent applications that rely on the agent's functionality. The public availability of exploitation tools further amplifies the risk as it lowers the barrier to entry for malicious actors who may not possess advanced technical skills but can still execute effective denial of service attacks against vulnerable systems.
Security practitioners should implement immediate mitigations including input validation controls at the API boundary, rate limiting mechanisms to prevent abuse, and monitoring for anomalous parameter patterns that could indicate exploitation attempts. The lack of vendor response to early disclosure highlights the importance of proactive security measures and community-driven vulnerability management strategies. Organizations using this software should consider implementing network segmentation to limit exposure, deploying intrusion detection systems to monitor for exploitation signatures, and preparing incident response procedures specific to denial of service attacks targeting API components. This vulnerability demonstrates how seemingly simple parameter handling flaws can create substantial operational risks that require comprehensive defensive measures aligned with ATT&CK framework's TA0043 (Reconnaissance) and TA0045 (Initial Access) tactics, as attackers may use this weakness as part of broader attack chains to establish persistent access or disrupt critical services.