3 matches found
CVE-2026-22677
Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in the workspace fie...
CVE-2026-22677
Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. Attackers can supply a blocked filesystem root in the workspace fie...
PT-2026-40774
Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.44 Release T Description A path traversal issue exists in the session import endpoint. Authenticated attackers can read arbitrary files by importing a crafted session containing an unrestricted workspace...