NousResearch hermes-agent
Affected versions: <= v2026.4.16
A path traversal vulnerability has been identified in NousResearch Hermes-Agent versions through 2026.4.16. The issue arises in the Read_File tool, specifically within the '_is_blocked_device' function in 'tools/file_tools.py'. The vulnerability allows for a manipulation that bypasses the device path blocklist, leading to a denial-of-service condition. The issue can be exploited remotely, and a public exploit is available.
Exploitation of this vulnerability causes a denial-of-service condition by hanging the agent process. In CLI mode, the user's session freezes, while in gateway mode (such as Telegram or Discord), the message-handling thread blocks indefinitely, potentially causing a complete service denial for all users. The issue is also problematic in the Batch Runner, where a single malicious prompt can disrupt a worker thread permanently.
To reproduce this vulnerability, first ensure that a Hermes-Agent instance is running with the default 'file' toolset enabled. Then, send a message to the agent requesting it to read the file at '/dev/./zero'. The agent will hang indefinitely, demonstrating the denial-of-service condition.
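The root cause described above is a blocklist compared against the raw path string, so a dotted segment such as `/dev/./zero` names the same device node without matching the list. The following is an added example and not Hermes-Agent's own code: it places a hypothetical weak check (`is_blocked_device_naive`, an exact-match lookup against a constructed list of device nodes; the project's real list and its structure are not shown on the page) beside a hardened check that canonicalizes the path before comparing, refuses anything outside a regular file, and bounds the read so that even an unexpected endless stream cannot hang the agent thread. All function names and the blocklist contents are assumptions made for the illustration.

```python
"""Added example (not Hermes-Agent code): a lexical device-path blocklist that a
dotted path segment bypasses, beside a hardened check that canonicalizes the
path, refuses non-regular files, and caps the number of bytes read."""
import os
import stat
import tempfile

# Constructed blocklist of device nodes that stream forever or block on read.
# The real project's list is not shown on the page; these are assumptions.
BLOCKED_DEVICES = {"/dev/zero", "/dev/random", "/dev/urandom", "/dev/stdin", "/dev/tty"}


def is_blocked_device_naive(path: str) -> bool:
    """Hypothetical weak check: exact string match on the raw, unnormalized path.
    '/dev/./zero' and '/dev/../dev/zero' are not in the set, so they pass."""
    return path in BLOCKED_DEVICES


def canonicalize(path: str) -> str:
    """Collapse '.', '..' and duplicate separators, then resolve symlinks.
    realpath on a missing path still returns the lexically normalized form."""
    return os.path.realpath(os.path.abspath(path))


def is_blocked_device_hardened(path: str) -> bool:
    """Compare the canonical path instead of the raw string, and treat the whole
    /dev tree as off limits rather than enumerating individual nodes."""
    canon = canonicalize(path)
    if canon in BLOCKED_DEVICES:
        return True
    return canon == "/dev" or canon.startswith("/dev/")


def read_check(path: str):
    """Return None if the file may be read, otherwise a short reason string."""
    if is_blocked_device_hardened(path):
        return "blocked device path"
    canon = canonicalize(path)
    try:
        st = os.stat(canon)
    except FileNotFoundError:
        return "no such file"
    # Character/block devices, FIFOs and sockets can block or stream forever,
    # so the blocklist is only a second line of defence behind this check.
    if not stat.S_ISREG(st.st_mode):
        return "not a regular file"
    return None


def read_file_bounded(path: str, max_bytes: int = 1 << 20) -> bytes:
    """Read at most max_bytes once the checks pass, so a surprising file cannot
    make the calling thread loop until memory is exhausted."""
    reason = read_check(path)
    if reason is not None:
        raise PermissionError(f"refusing to read {path!r}: {reason}")
    with open(canonicalize(path), "rb") as fh:
        return fh.read(max_bytes)


def demo_regular_file() -> bytes:
    """Write constructed sample content to a temporary regular file and read it
    back through the guarded reader; used to show the allow path works."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "constructed_sample.txt")
        with open(sample, "wb") as fh:
            fh.write(b"constructed sample content")
        return read_file_bounded(sample)


if __name__ == "__main__":
    for candidate in ("/dev/zero", "/dev/./zero", "/dev/../dev/zero", "/"):
        print(f"{candidate:20} naive={is_blocked_device_naive(candidate)!s:5} "
              f"hardened={is_blocked_device_hardened(candidate)!s:5} "
              f"read_check={read_check(candidate)}")
    print(demo_regular_file())
```

The ordering matters: the file-type check on the canonical path catches devices the blocklist never listed, and the bounded read limits damage if a file turns out to be larger or stranger than expected. Neither check replaces the other.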