Enviar #812229: NousResearch hermes-agent 2026.4.16 Improper Privilege Management (CWE-269)información

TítuloNousResearch hermes-agent 2026.4.16 Improper Privilege Management (CWE-269)
Descripción# Technical Details Unrestricted host code execution and credential leakage exists in the `execute_code()` method in `tools/code_execution_tool.py` of hermes-agent. The application fails to apply dangerous-command approval paths or comprehensively scrub subprocess environment variables, utilizing a substring-based blocklist (`_SECRET_SUBSTRINGS`) that omits many standard credential naming implementations and using excessive passthrough prefixes (`HERMES_*`). # Vulnerable Code File: tools/code_execution_tool.py Method: execute_code() Why: The code spawns python executions directly through `subprocess.Popen()` without requesting evaluations via the default standard `_check_all_guards()` mechanism seen in terminal operations. Additionally, variables without substring match definitions in `_SECRET_SUBSTRINGS` (i.e., `DATABASE_URL`) are leaked into the executing subprocess scope. # Reproduction 1. Through prompt injection or interaction, induce the Agent to run python payloads via `execute_code`. 2. The payload accesses and iterates over `os.environ`. 3. Secrets mapping to unsupported namespaces (e.g., `DATABASE_URL`, `SLACK_WEBHOOK`, `AWS_ACCESS_ID`) are accessed in plaintext. 4. The payload natively requests the internet directly downloading malicious resources, completely unprompted. # Impact - Arbitrary Python code execution on the host without interactive confirmation. - Subprocess environmental credential leakage allowing attackers to remotely exfiltrate sensitive data.
Fuente⚠️ https://gist.github.com/YLChen-007/43c72d19668421abe8ce10f299323a0a
Usuario
 Eric-i (UID 97584)
Sumisión2026-04-24 15:02 (hace 1 mes)
Moderación2026-05-23 12:33 (29 days later)
EstadoAceptado
Entrada de VulDB365331 [NousResearch hermes-agent hasta 2026.4.16 Environment Variable code_execution_tool.py execute_code escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you need the next level of professionalism?

Upgrade your account now!