CVE-2026-9352

Affected software/area: NousResearch hermes-agent (Messaging Gateway Handler), up to 2026.4.23. Vulnerability details: A weakness in the function _make_run_env in tools/environments/local.py can lead to information disclosure. The issue may be exploitable remotely; exploit has been made publicly ...

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Version 2026.4.23 of Hermes Agent contains a security vulnerability. This vulnerability stems from improper handling of the scancontextcontent function in the agent/promptbuilder.py file, which may...

OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

Summary OpenClaw's bundled plugin setup resolver could fall back to process.cwd while resolving provider setup metadata. If a user ran an OpenClaw command from an attacker-controlled repository containing extensions//setup-api.js, OpenClaw could load and execute that JavaScript during ordinary...

Insufficient Session Expiration

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Session Expiration in the webhook authentication process. An attacker can continue to access protected webhook routes using a previously valid secret even after the secret ha...