Hermes Agent contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation
High severity
GitHub Reviewed
Published
Jun 17, 2026
to the GitHub Advisory Database
•
Updated Jun 19, 2026
Description
Published by the National Vulnerability Database
Jun 17, 2026
Published to the GitHub Advisory Database
Jun 17, 2026
Reviewed
Jun 19, 2026
Last updated
Jun 19, 2026
Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling attackers to exploit DNS rebinding and inject malicious commands or read terminal output.
References