2 matches found
EUVD-2026-35497
Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...
PT-2026-48119
Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.296 Description An authenticated attacker can bypass workspace boundary checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within the remote terminal workspace...