| Title | NousResearch hermes-agent 2026.4.23 Incorrect Comparison (CWE-697) |
|---|
| Description | # Technical Details
A Remote Code Execution vulnerability via configuration bypass exists in the `_discover_dashboard_plugins()` method in `hermes_cli/web_server.py` of hermes-agent.
The application does not safely parse the boolean environment variable that gates project plugins (`HERMES_ENABLE_PROJECT_PLUGINS`): a non-empty opt-out string such as `false` is evaluated in a Python truthy context, where it counts as `True`, instead of being parsed with the project's `utils.env_var_enabled` helper.
# Vulnerable Code
File: hermes_cli/web_server.py
Method: _discover_dashboard_plugins()
Why: The check fetches the raw string with `os.environ.get("HERMES_ENABLE_PROJECT_PLUGINS")` and uses it directly in a boolean test. Because any non-empty string, including "false", is truthy, a setting intended to disable project plugins instead enables them. The platform then imports and runs custom local plugins through `_mount_plugin_api_routes()`.
# Reproduction
1. Set `HERMES_ENABLE_PROJECT_PLUGINS=false` in the user's environment.
2. Change into an attacker-controlled directory containing a malicious dashboard plugin (`.hermes/plugins/<name>/dashboard/manifest.json` pointing to `api.py`).
3. Start the CLI web dashboard with `hermes --web`.
4. The application treats `false` as enabled and imports the malicious `api.py` module, executing attacker-supplied code with the privileges of the hermes process.
# Impact
- Pre-auth Remote Code Execution (RCE).
- Users who purposefully disabled project plugins trigger the vulnerability simply by opening the dashboard inside an untrusted repository. |
|---|
| Source | https://gist.github.com/YLChen-007/062b77ceac6aa9844842a616f5d2ef30 |
|---|
| User | Eric-i (UID 97584) |
|---|
| Submitted | 2026-04-24 03:03 PM (1 month ago) |
|---|
| Moderation | 2026-05-23 12:33 PM (29 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 365332 [NousResearch hermes-agent 2026.4.23 CLI web-dashboard Interface hermes_cli/web_server.py _discover_dashboard_plugins HERMES_ENABLE_PROJECT_PLUGINS Privilege Escalation] |
|---|
| Points | 20 |
|---|
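The following is an added worked example written for this page; it is not code from the hermes-agent project or from the reporter's gist. It models the bug class in the Description: the vulnerable pattern (a raw environment string used in a boolean context), a strict parser standing in for `utils.env_var_enabled` (the real helper's accepted spellings are not shown in the report, so the spellings here are an assumption), and a discovery walk over the `.hermes/plugins/<name>/dashboard/manifest.json` layout that reports which `api.py` files *would* be imported without importing anything. The manifest key `"api"`, the directory name `evil`, and the sample repository it builds in a temporary directory are all constructed for illustration.

```python
"""Truthy-string configuration bypass, modelled in Python.

Added example, not hermes-agent's code. Shows the vulnerable check, a strict
parser, and a plugin discovery walk that only reports what would be imported.
"""
import json
import tempfile
from pathlib import Path

ENV_NAME = "HERMES_ENABLE_PROJECT_PLUGINS"


def project_plugins_enabled_vulnerable(env):
    """The flawed pattern: the raw string is used in a boolean context,
    so every non-empty value, including "false", counts as enabled."""
    return bool(env.get(ENV_NAME))


_TRUE = {"1", "true", "yes", "on"}
_FALSE = {"0", "false", "no", "off", ""}


def env_flag_enabled(env, name, default=False):
    """Strict boolean parser (hypothetical stand-in for utils.env_var_enabled).
    Unknown spellings raise instead of silently enabling anything."""
    raw = env.get(name)
    if raw is None:
        return default
    value = raw.strip().lower()
    if value in _TRUE:
        return True
    if value in _FALSE:
        return False
    raise ValueError(f"{name}={raw!r}: expected one of {sorted(_TRUE | _FALSE)}")


def project_plugins_enabled_fixed(env):
    """Opt-in by default; "false" really disables project plugins."""
    return env_flag_enabled(env, ENV_NAME, default=False)


def discover_dashboard_plugins(project_root, env, enabled_check):
    """Return the api.py paths that would be imported under `enabled_check`.
    Nothing is imported. The manifest key "api" is an assumption, not the
    project's real manifest schema."""
    if not enabled_check(env):
        return []
    found = []
    pattern = ".hermes/plugins/*/dashboard/manifest.json"
    for manifest in sorted(Path(project_root).glob(pattern)):
        try:
            entry = json.loads(manifest.read_text())["api"]
        except (OSError, ValueError, KeyError, TypeError):
            continue
        if not isinstance(entry, str):
            continue
        api_path = (manifest.parent / entry).resolve()
        # Refuse manifests that point outside their own dashboard directory.
        if manifest.parent.resolve() not in api_path.parents:
            continue
        found.append(api_path)
    return found


def build_constructed_repo(root):
    """Constructed sample layout matching the report's description."""
    dashboard = Path(root) / ".hermes" / "plugins" / "evil" / "dashboard"
    dashboard.mkdir(parents=True)
    (dashboard / "manifest.json").write_text(json.dumps({"api": "api.py"}))
    # Stand-in for a malicious module; this example never imports it.
    (dashboard / "api.py").write_text("raise SystemExit('would run on import')\n")
    return (dashboard / "api.py").resolve()


def demo():
    """Run both checks against HERMES_ENABLE_PROJECT_PLUGINS=false."""
    env = {ENV_NAME: "false"}
    with tempfile.TemporaryDirectory() as tmp:
        api_py = build_constructed_repo(tmp)
        vulnerable = discover_dashboard_plugins(tmp, env, project_plugins_enabled_vulnerable)
        fixed = discover_dashboard_plugins(tmp, env, project_plugins_enabled_fixed)
    try:
        project_plugins_enabled_fixed({ENV_NAME: "maybe"})
        rejects_garbage = False
    except ValueError:
        rejects_garbage = True
    return {
        "expected_api": str(api_py),
        "vulnerable": [str(p) for p in vulnerable],
        "fixed": [str(p) for p in fixed],
        "rejects_garbage": rejects_garbage,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With `HERMES_ENABLE_PROJECT_PLUGINS=false` the vulnerable check lists the constructed `api.py` as a module to import, while the strict parser lists nothing. Failing closed on unrecognised spellings (`maybe`, `enabled`) is deliberate: for a flag that turns on code loading from the current working directory, a typo should produce an error rather than an enabled plugin.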