Submit #845598: NousResearch Hermes Agent <= 75cbdfd06b Improper Authentication (CWE-287)

Title: NousResearch Hermes Agent <= 75cbdfd06b Improper Authentication (CWE-287)
Description:

# Technical Details

An Authentication Bypass via Cross-Guild Role Scan exists in the `DiscordAdapter._is_allowed_user` method in `gateway/platforms/discord.py` of Hermes Agent. The application fails to scope `DISCORD_ALLOWED_ROLES` checks to the originating Discord guild. When direct role information is unavailable, such as in Direct Messages or voice-processing contexts, `_is_allowed_user` falls back to scanning every mutual guild shared by the bot and the user. If the user has a role whose ID matches an allowed role in any other guild, the method returns `True`, even if the role belongs to an unrelated public or attacker-controlled server. This allows privilege scope to bleed across Discord servers and grants unauthorized bot access through DMs or other fallback-triggering contexts.

# Vulnerable Code

File: `gateway/platforms/discord.py`

Method: `DiscordAdapter._is_allowed_user`

Why: The fallback logic iterates over `self._client.guilds`, calls `guild.get_member(user_id)`, reads each member's roles, and authorizes the user if any role ID appears in `DISCORD_ALLOWED_ROLES`, without confirming that the role belongs to the intended restricted guild.

# Reproduction

1. Configure Hermes Agent with `DISCORD_ALLOWED_ROLES` corresponding to a private restricted server.
2. Add the Hermes Agent bot to at least two guilds: the private restricted guild and a secondary public or attacker-controlled guild.
3. Give the attacker a role in the secondary guild whose ID matches the configured allowed role ID.
4. Download the PoC simulation script from `https://gist.github.com/YLChen-007/4490cd17b3c05ba3f43ea1e432f22e60`.
5. Run `python poc_discord_bypass.py` in the Hermes Agent environment.
6. Observe that the simulated DM attacker is authorized even though the matching role exists only in a different guild.

# Impact

- Full authentication bypass for Discord integrations using `DISCORD_ALLOWED_ROLES`.
- Unauthorized users can gain access by sharing any mutual guild with the bot and holding a role ID that matches the configured allowed role.
- Successful exploitation can permit arbitrary tool execution, memory extraction, data modification, and potential infrastructure compromise depending on enabled plugins and tools.
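The unscoped fallback described above, shown beside a variant that only honours roles held in one designated guild. This is an added illustration, not code from the Hermes Agent repository or the submitter's PoC; the `Guild`/`Member`/`Role` stand-ins, `RESTRICTED_GUILD_ID`, the role IDs and the two-guild scenario are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed stand-in for DISCORD_ALLOWED_ROLES (role IDs as strings).
ALLOWED_ROLES = {"111111111111111111"}
# Hypothetical setting: the single guild whose roles are allowed to authorize.
RESTRICTED_GUILD_ID = 1001


@dataclass
class Role:
    id: str


@dataclass
class Member:
    roles: list


@dataclass
class Guild:
    id: int
    members: dict  # user_id -> Member

    def get_member(self, user_id):
        return self.members.get(user_id)


def is_allowed_vulnerable(guilds, user_id):
    """Unscoped fallback as described in the submission: a matching role ID
    in *any* mutual guild is enough to authorize the user."""
    for guild in guilds:
        member = guild.get_member(user_id)
        if member and any(r.id in ALLOWED_ROLES for r in member.roles):
            return True
    return False


def is_allowed_scoped(guilds, user_id, restricted_guild_id=RESTRICTED_GUILD_ID):
    """Hardened variant: only the configured restricted guild is consulted,
    so a role held elsewhere never grants access."""
    for guild in guilds:
        if guild.id != restricted_guild_id:
            continue
        member = guild.get_member(user_id)
        return bool(member and any(r.id in ALLOWED_ROLES for r in member.roles))
    return False  # user shares no membership in the restricted guild


# Constructed scenario: user 42 is in both guilds but holds the matching
# role ID only in the secondary guild (2002), not in the restricted one (1001).
ATTACKER = 42
GUILDS = [
    Guild(1001, {ATTACKER: Member(roles=[])}),
    Guild(2002, {ATTACKER: Member(roles=[Role("111111111111111111")])}),
]

if __name__ == "__main__":
    print("unscoped fallback authorizes:", is_allowed_vulnerable(GUILDS, ATTACKER))  # True
    print("guild-scoped check authorizes:", is_allowed_scoped(GUILDS, ATTACKER))     # False
```

The scoped check also returns `False` when the bot cannot resolve the user in the restricted guild at all, which is the safe default for a DM-triggered fallback.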
Source: https://gist.github.com/YLChen-007/d030c690b10a97319efb129ca2f5badb
User: Eric-a (UID 96353)
Submission: 06/02/2026 03:37 (1 month ago)
Moderation: 07/03/2026 19:08 (1 month later)
Status: Accepted
VulDB entry: 376143 [NousResearch hermes-agent up to 0.15.2 Discord Platform Integration discord.py DiscordAdapter._is_allowed_user improper authentication]
Points: 20
