HIGH7.5CVE-2026-53869Hermes Agent contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation
from 0, < 0.16.0
MEDIUM5.5CVE-2026-53870Hermes Agent creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644)