CVE ID :CVE-2026-53871
Published : June 17, 2026, 5:58 p.m. | 42 minutes ago
Description :Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated profile names from the hermes_profile cookie. An authenticated attacker can forge the hermes_profile cookie value to bypass profile-scoped authorization checks and access sessions, files, and resources across different profiles.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more… To Read More Visit Read More