CVE-2026-14626
NousResearch hermes-agent (up to 2026.4.30), specifically the HTTP API component and AIAgent.run_conversation in run_agent.py, is vulnerable. The issue arises from manipulation of the todos argument, enabling remote denial of service. Public exploit is noted, and the vendor was contacted without ...