CVE-2026-15311 in hermes-agentinfo

Summary

by MITRE • 07/10/2026

A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter._markdown_to_html of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The pull request to fix this issue awaits acceptance.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 07/10/2026

This vulnerability resides within the NousResearch hermes-agent software version 2026.5.29.2 and earlier, specifically targeting the MatrixAdapter._markdown_to_html function located in gateway/platforms/matrix.py. The flaw represents a classic cross-site scripting vulnerability that occurs when user-supplied markdown content is improperly sanitized before being converted to HTML format for display within the matrix communication platform. This type of vulnerability falls under CWE-79 which categorizes improper neutralization of input during web page generation, making it particularly dangerous in web-based messaging systems where users can inject malicious code through formatted text.

The technical implementation of this vulnerability stems from insufficient input validation and sanitization within the markdown to HTML conversion process. When the MatrixAdapter processes incoming messages containing markdown formatting, it fails to properly escape or filter potentially malicious content that could include script tags, event handlers, or other XSS payloads. The remote execution capability means that attackers can craft malicious markdown content that will be processed by the vulnerable application when other users view the messages, creating a persistent threat vector within the messaging environment.

The operational impact of this vulnerability extends beyond simple data theft or disruption, as it enables attackers to execute arbitrary JavaScript code in the context of affected users' browsers. This could lead to session hijacking, credential theft, or redirection to malicious sites, particularly dangerous in enterprise environments where the hermes-agent might be used for sensitive communications. The fact that a public exploit exists and is actively being used increases the risk profile significantly, as organizations cannot rely on the vulnerability remaining unexploited.

Organizations should immediately implement mitigation strategies including input sanitization of all markdown content, deployment of content security policies to restrict script execution, and regular updates to ensure they are running patched versions of the hermes-agent software. The vulnerability aligns with ATT&CK technique T1566 which describes social engineering tactics involving malicious content delivery, and T1071.004 which covers application layer protocol usage for command and control communications. Given that the fix is pending acceptance in a pull request, immediate defensive measures should be implemented while monitoring for any exploitation attempts within network traffic logs or user activity patterns.

Responsible

VulDB

Disclosure

07/10/2026

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!