Hermes Agent contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation
High severity
GitHub Reviewed
Published
Jun 17, 2026
to the GitHub Advisory Database
•
Updated Jun 19, 2026
Give feedback on Dependabot alerts