| Título | Nous Research hermes-agent v2026.4.30 Improper Handling of Case Sensitivity Leading to Information Disclosure (CWE-178) |
|---|
| Descripción | # Technical Details
A hidden reasoning content leak exists in the `GatewayStreamConsumer._filter_and_accumulate()` method in `gateway/stream_consumer.py` and the `HermesCLI._stream_delta()` method in `cli.py` of hermes-agent.
The application fails to normalize or compare reasoning tags case-insensitively during live streaming. The hardcoded tag lists only cover some exact-case variants, so uppercase or mixed-case tags such as `<THINK>`, `<Think>`, `<THOUGHT>`, and `<REASONING>` bypass the real-time filter and are rendered to the end user before later post-processing strips them.
# Vulnerable Code
File: `gateway/stream_consumer.py`
Method: `GatewayStreamConsumer._filter_and_accumulate()`
Why: `_OPEN_THINK_TAGS` and `_CLOSE_THINK_TAGS` contain an incomplete set of case variants, and the method uses exact `buf.find(tag)` matching. The duplicated logic in `cli.py` uses the same flawed approach, allowing unlisted case variants to pass through.
# Reproduction
1. Download and run the PoC script `poc_exploit.py` from the linked advisory environment.
2. Feed simulated streamed model output containing uppercase or mixed-case reasoning tags such as `<THINK>Secret reasoning</THINK>` through `_filter_and_accumulate()`.
3. Observe that the hidden reasoning content is accumulated and displayed instead of being suppressed.
4. Run the control script with listed lowercase tags and confirm those are filtered correctly.
# Impact
- Hidden chain-of-thought, system prompts, and internal reasoning can be exposed to end users during streaming.
- Tool arguments, file paths, API endpoints, and other sensitive runtime context may be disclosed on connected platforms. |
|---|
| Fuente | ⚠️ https://gist.github.com/YLChen-007/2229e5505bcbb3e15a7ae8fba4c4be37,https://github.com/NousResearch/hermes-agent/issues/27288 |
|---|
| Usuario | Eric-a (UID 96353) |
|---|
| Sumisión | 2026-06-01 10:13 (hace 1 mes) |
|---|
| Moderación | 2026-07-03 18:31 (1 month later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 376134 [NousResearch hermes-agent hasta 2026.4.30 Streaming Reasoning Tag Filter stream_consumer.py GatewayStreamConsumer._filter_and_accumulate divulgación de información] |
|---|
| Puntos | 20 |
|---|