EUVD-2026-24515

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...

CVE-2026-6830

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...

CVE-2026-6830 Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...

CVE-2026-6830

The CVE concerns nesquena Hermes WebUI, where switching profiles fails to clear environment variables from the previous profile, enabling leakage of sensitive credentials (e.g., provider API keys) between profiles. The underlying issue is residual environment variables that persist across profile...

CVE-2026-6830

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...

PT-2026-34194

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...