{"api_version":"1","generated_at":"2026-06-01T19:51:11+00:00","cve":"CVE-2026-9354","urls":{"html":"https://cve.report/CVE-2026-9354","api":"https://cve.report/api/cve/CVE-2026-9354.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-9354","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-9354"},"summary":{"title":"NousResearch hermes-agent Slack Agent/Mattermost Agent escape output","description":"A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument format_message results in escaping of output. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.","state":"PUBLISHED","assigner":"VulDB","published_at":"2026-05-24 05:16:40","updated_at":"2026-05-26 19:50:21"},"problem_types":["CWE-74","CWE-116","CWE-116 Escaping of Output","CWE-74 Injection"],"metrics":[{"version":"4.0","source":"cna@vuldb.com","type":"Secondary","score":"5.5","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"6.9","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","data":{"baseScore":6.9,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"version":"3.1","source":"cna@vuldb.com","type":"Primary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R","data":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R","version":"3.1"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R","data":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R","version":"3.0"}},{"version":"2.0","source":"cna@vuldb.com","type":"Secondary","score":"6.4","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}},{"version":"2.0","source":"CNA","type":"DECLARED","score":"6.4","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR","data":{"baseScore":6.4,"vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR","version":"2.0"}}],"references":[{"url":"https://vuldb.com/vuln/365317","name":"https://vuldb.com/vuln/365317","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://gist.github.com/YLChen-007/e90fb38ac03284176bae49898a3a46a4","name":"https://gist.github.com/YLChen-007/e90fb38ac03284176bae49898a3a46a4","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/vuln/365317/cti","name":"https://vuldb.com/vuln/365317/cti","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/submit/812226","name":"https://vuldb.com/submit/812226","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-9354","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-9354","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.0","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.1","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.2","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.3","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.4","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.5","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.6","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.7","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.8","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.9","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.10","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.11","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.12","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.13","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.14","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.15","platforms":[]},{"source":"CNA","vendor":"NousResearch","product":"hermes-agent","version":"affected 2026.4.16","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-05-23T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"source":"CNA","time":"2026-05-23T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"source":"CNA","time":"2026-05-23T11:24:56.000Z","lang":"en","value":"VulDB entry last update"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Eric-i (VulDB User)","lang":"en"},{"source":"CNA","value":"VulDB CNA Team","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"9354","cve":"CVE-2026-9354","epss":"0.000570000","percentile":"0.181720000","score_date":"2026-05-31","updated_at":"2026-06-01 00:08:20"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"],"modules":["Slack Agent/Mattermost Agent"],"product":"hermes-agent","vendor":"NousResearch","versions":[{"status":"affected","version":"2026.4.0"},{"status":"affected","version":"2026.4.1"},{"status":"affected","version":"2026.4.2"},{"status":"affected","version":"2026.4.3"},{"status":"affected","version":"2026.4.4"},{"status":"affected","version":"2026.4.5"},{"status":"affected","version":"2026.4.6"},{"status":"affected","version":"2026.4.7"},{"status":"affected","version":"2026.4.8"},{"status":"affected","version":"2026.4.9"},{"status":"affected","version":"2026.4.10"},{"status":"affected","version":"2026.4.11"},{"status":"affected","version":"2026.4.12"},{"status":"affected","version":"2026.4.13"},{"status":"affected","version":"2026.4.14"},{"status":"affected","version":"2026.4.15"},{"status":"affected","version":"2026.4.16"}]}],"credits":[{"lang":"en","type":"reporter","value":"Eric-i (VulDB User)"},{"lang":"en","type":"coordinator","value":"VulDB CNA Team"}],"descriptions":[{"lang":"en","value":"A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument format_message results in escaping of output. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":[{"cvssV4_0":{"baseScore":6.9,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"cvssV3_1":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R","version":"3.1"}},{"cvssV3_0":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R","version":"3.0"}},{"cvssV2_0":{"baseScore":6.4,"vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR","version":"2.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-116","description":"Escaping of Output","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-74","description":"Injection","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-24T04:15:07.598Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"name":"VDB-365317 | NousResearch hermes-agent Slack Agent/Mattermost Agent escape output","tags":["vdb-entry","technical-description"],"url":"https://vuldb.com/vuln/365317"},{"name":"VDB-365317 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"],"url":"https://vuldb.com/vuln/365317/cti"},{"name":"Submit #812226 | NousResearch hermes-agent 2026.4.16 Improper Encoding or Escaping of Output (CWE-116)","tags":["third-party-advisory"],"url":"https://vuldb.com/submit/812226"},{"tags":["exploit"],"url":"https://gist.github.com/YLChen-007/e90fb38ac03284176bae49898a3a46a4"}],"timeline":[{"lang":"en","time":"2026-05-23T00:00:00.000Z","value":"Advisory disclosed"},{"lang":"en","time":"2026-05-23T02:00:00.000Z","value":"VulDB entry created"},{"lang":"en","time":"2026-05-23T11:24:56.000Z","value":"VulDB entry last update"}],"title":"NousResearch hermes-agent Slack Agent/Mattermost Agent escape output"}},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2026-9354","datePublished":"2026-05-24T04:15:07.598Z","dateReserved":"2026-05-23T09:19:41.024Z","dateUpdated":"2026-05-24T04:15:07.598Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-24 05:16:40","lastModifiedDate":"2026-05-26 19:50:21","problem_types":["CWE-74","CWE-116","CWE-116 Escaping of Output","CWE-74 Injection"],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"9354","Ordinal":"1","Title":"NousResearch hermes-agent Slack Agent/Mattermost Agent escape ou","CVE":"CVE-2026-9354","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"9354","Ordinal":"1","NoteData":"A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument format_message results in escaping of output. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.","Type":"Description","Title":"NousResearch hermes-agent Slack Agent/Mattermost Agent escape ou"}]}}}