CVE-2026-53871 Hermes WebUI < 0.51.368 - Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie
Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the getprofilecookie function that accepts unauthenticated profile names from the hermesprofile cookie. An authenticated attacker can forge the hermesprofile cookie value to bypass profile-scoped authorization checks a...