{"api_version":"1","generated_at":"2026-06-01T17:07:19+00:00","cve":"CVE-2026-10223","urls":{"html":"https://cve.report/CVE-2026-10223","api":"https://cve.report/api/cve/CVE-2026-10223.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-10223","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-10223"},"summary":{"title":"NousResearch hermes-agent memory_tool.py _scan_memory_content injection","description":"A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.","state":"PUBLISHED","assigner":"VulDB","published_at":"2026-06-01 06:16:37","updated_at":"2026-06-01 15:15:37"},"problem_types":["CWE-74","CWE-707","CWE-74 Injection","CWE-707 Improper Neutralization"],"metrics":[{"version":"4.0","source":"cna@vuldb.com","type":"Secondary","score":"2.1","severity":"LOW","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","data":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"version":"3.1","source":"cna@vuldb.com","type":"Primary","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","data":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","version":"3.1"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","data":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","version":"3.0"}},{"version":"2.0","source":"cna@vuldb.com","type":"Secondary","score":"6.5","severity":"","vector":"AV:N/AC:L/Au:S/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}},{"version":"2.0","source":"CNA","type":"DECLARED","score":"6.5","severity":"","vector":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR","data":{"baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR","version":"2.0"}}],"references":[{"url":"https://vuldb.com/vuln/367502","name":"https://vuldb.com/vuln/367502","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/submit/822021","name":"https://vuldb.com/submit/822021","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/cve/CVE-2026-10223","name":"https://vuldb.com/cve/CVE-2026-10223","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://gist.github.com/YLChen-007/a1fb77ad2488c545a35d0f66356ea7b4","name":"https://gist.github.com/YLChen-007/a1fb77ad2488c545a35d0f66356ea7b4","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/vuln/367502/cti","name":"https://vuldb.com/vuln/367502/cti","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-10223","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-10223","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.0","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.1","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.2","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.3","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.4","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.5","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.6","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.7","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.8","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.9","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.10","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.11","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.12","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.13","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.14","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.15","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.16","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.17","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.18","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.19","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.20","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.21","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.22","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.23","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.24","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.25","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.26","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.27","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.28","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.29","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.30","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-05-31T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"source":"CNA","time":"2026-05-31T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"source":"CNA","time":"2026-05-31T09:56:45.000Z","lang":"en","value":"VulDB entry last update"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Eric-j (VulDB User)","lang":"en"},{"source":"CNA","value":"VulDB CNA Team","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-10223","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-01T14:56:41.408760Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-01T14:56:52.653Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"],"product":"hermes-agent","vendor":"NousResearch","versions":[{"status":"affected","version":"2026.4.0"},{"status":"affected","version":"2026.4.1"},{"status":"affected","version":"2026.4.2"},{"status":"affected","version":"2026.4.3"},{"status":"affected","version":"2026.4.4"},{"status":"affected","version":"2026.4.5"},{"status":"affected","version":"2026.4.6"},{"status":"affected","version":"2026.4.7"},{"status":"affected","version":"2026.4.8"},{"status":"affected","version":"2026.4.9"},{"status":"affected","version":"2026.4.10"},{"status":"affected","version":"2026.4.11"},{"status":"affected","version":"2026.4.12"},{"status":"affected","version":"2026.4.13"},{"status":"affected","version":"2026.4.14"},{"status":"affected","version":"2026.4.15"},{"status":"affected","version":"2026.4.16"},{"status":"affected","version":"2026.4.17"},{"status":"affected","version":"2026.4.18"},{"status":"affected","version":"2026.4.19"},{"status":"affected","version":"2026.4.20"},{"status":"affected","version":"2026.4.21"},{"status":"affected","version":"2026.4.22"},{"status":"affected","version":"2026.4.23"},{"status":"affected","version":"2026.4.24"},{"status":"affected","version":"2026.4.25"},{"status":"affected","version":"2026.4.26"},{"status":"affected","version":"2026.4.27"},{"status":"affected","version":"2026.4.28"},{"status":"affected","version":"2026.4.29"},{"status":"affected","version":"2026.4.30"}]}],"credits":[{"lang":"en","type":"reporter","value":"Eric-j (VulDB User)"},{"lang":"en","type":"coordinator","value":"VulDB CNA Team"}],"descriptions":[{"lang":"en","value":"A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":[{"cvssV4_0":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"cvssV3_1":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","version":"3.1"}},{"cvssV3_0":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","version":"3.0"}},{"cvssV2_0":{"baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR","version":"2.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-74","description":"Injection","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-707","description":"Improper Neutralization","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-01T04:15:05.930Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"name":"VDB-367502 | NousResearch hermes-agent memory_tool.py _scan_memory_content injection","tags":["vdb-entry","technical-description"],"url":"https://vuldb.com/vuln/367502"},{"name":"VDB-367502 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"],"url":"https://vuldb.com/vuln/367502/cti"},{"name":"CVE-2026-10223 | CVE Analysis and Report","tags":["third-party-advisory"],"url":"https://vuldb.com/cve/CVE-2026-10223"},{"name":"Submit #822021 | NousResearch hermes-agent <= v2026.4.30 Injection (CWE-74)","tags":["third-party-advisory"],"url":"https://vuldb.com/submit/822021"},{"tags":["exploit"],"url":"https://gist.github.com/YLChen-007/a1fb77ad2488c545a35d0f66356ea7b4"}],"timeline":[{"lang":"en","time":"2026-05-31T00:00:00.000Z","value":"Advisory disclosed"},{"lang":"en","time":"2026-05-31T02:00:00.000Z","value":"VulDB entry created"},{"lang":"en","time":"2026-05-31T09:56:45.000Z","value":"VulDB entry last update"}],"title":"NousResearch hermes-agent memory_tool.py _scan_memory_content injection"}},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2026-10223","datePublished":"2026-06-01T04:15:05.930Z","dateReserved":"2026-05-31T07:51:29.252Z","dateUpdated":"2026-06-01T14:56:52.653Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-01 06:16:37","lastModifiedDate":"2026-06-01 15:15:37","problem_types":["CWE-74","CWE-707","CWE-74 Injection","CWE-707 Improper Neutralization"],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"10223","Ordinal":"1","Title":"NousResearch hermes-agent memory_tool.py _scan_memory_content in","CVE":"CVE-2026-10223","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"10223","Ordinal":"1","NoteData":"A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.","Type":"Description","Title":"NousResearch hermes-agent memory_tool.py _scan_memory_content in"}]}}}