NousResearch Hermes-Agent Information Leak Vulnerability in Messaging Gateway Handler

Vulnerability

A vulnerability allowing information disclosure has been identified in NousResearch Hermes-Agent versions through 2026.4.23. The issue arises in the Messaging Gateway Handler component, specifically within the _make_run_env function of tools/environments/local.py. The vulnerability allows sensitive messaging platform credentials to be leaked to subprocesses, potentially leading to unauthorized access to these platforms. The flaw can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability causes an information leak of unredacted messaging gateway credentials to subprocesses, which could be extracted and used to access the corresponding messaging platforms. This access might allow an attacker to control enterprise bots, impersonate corporate communications, or retrieve private organizational data accessible to the bots.

Reproduction

The vulnerability can be reproduced by enabling the 'terminal' or 'execute_code' tools, which are active by default. After configuring a supported messaging platform with sensitive credentials during the setup process, set 'TERMINAL_ENV' to 'local'. Once these conditions are met, an agent command can be injected through a messaging interface to exfiltrate the unredacted credentials from the subprocess environment.
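The root cause described above is a subprocess environment that inherits the gateway's credential variables. The following is an added example (not Hermes-Agent's own code, and not the contents of its _make_run_env function): a hypothetical allowlist-based builder for a child environment, plus a detection check that flags parent credentials whose values show up in the child environment under any name. The variable names in CONSTRUCTED_PARENT_ENV and the regex of credential-like names are assumptions; the token values are constructed placeholders.

```python
import json
import os
import re
import subprocess
import sys

# Hypothetical name pattern for credential-bearing variables. The real
# variable names used by the gateway are an assumption, not from the advisory.
SENSITIVE_NAME_PATTERN = re.compile(
    r"(TOKEN|SECRET|PASSW(OR)?D|API_KEY|PRIVATE_KEY|WEBHOOK|CREDENTIAL)",
    re.IGNORECASE,
)

# Variables a tool subprocess normally needs. Everything not listed is dropped.
BASE_ALLOWLIST = ("PATH", "HOME", "LANG", "LC_ALL", "TERM", "TMPDIR", "USER")

# Constructed parent environment with placeholder values (not real tokens).
CONSTRUCTED_PARENT_ENV = {
    "PATH": os.environ.get("PATH", "/usr/bin:/bin"),
    "HOME": "/home/agent",
    "AGENT_WORKDIR": "/tmp/agent",
    "DISCORD_BOT_TOKEN": "constructed-discord-token",
    "SLACK_BOT_TOKEN": "constructed-slack-token",
    "TELEGRAM_BOT_TOKEN": "constructed-telegram-token",
}


def make_run_env(parent_env, extra_allow=(), extra=None):
    """Build a subprocess environment from parent_env by allowlist.

    Starting from an empty dict (rather than dict(os.environ)) means any
    variable not explicitly permitted never reaches the child. Names that
    look like credentials are refused even when allowlisted, so a sloppy
    allowlist cannot reintroduce them.
    """
    allowed = set(BASE_ALLOWLIST) | set(extra_allow)
    child = {}
    for name, value in parent_env.items():
        if name in allowed and not SENSITIVE_NAME_PATTERN.search(name):
            child[name] = value
    for name, value in (extra or {}).items():
        if SENSITIVE_NAME_PATTERN.search(name):
            raise ValueError(f"refusing to pass credential-like variable {name!r}")
        child[name] = value
    return child


def leaked_credentials(child_env, parent_env):
    """Detection check: names of credential-like parent variables whose
    *values* appear in child_env under any name (catches renamed copies)."""
    child_values = set(child_env.values())
    return sorted(
        name
        for name, value in parent_env.items()
        if SENSITIVE_NAME_PATTERN.search(name) and value and value in child_values
    )


def names_visible_to_child(parent_env, extra_allow=()):
    """Spawn a Python child with the filtered env and return the variable
    names it actually observes; proves the filtering survives exec()."""
    env = make_run_env(parent_env, extra_allow=extra_allow)
    out = subprocess.run(
        [sys.executable, "-c", "import json, os; print(json.dumps(sorted(os.environ)))"],
        env=env, capture_output=True, text=True, check=True,
    ).stdout
    return json.loads(out)


if __name__ == "__main__":
    naive = dict(CONSTRUCTED_PARENT_ENV)  # the leaky pattern: copy everything
    print("naive copy leaks:", leaked_credentials(naive, CONSTRUCTED_PARENT_ENV))
    hardened = make_run_env(CONSTRUCTED_PARENT_ENV, extra_allow=("AGENT_WORKDIR",))
    print("allowlisted env leaks:", leaked_credentials(hardened, CONSTRUCTED_PARENT_ENV))
    print("child sees:", names_visible_to_child(CONSTRUCTED_PARENT_ENV, ("AGENT_WORKDIR",)))
```

The allowlist is the mitigation; leaked_credentials is the regression check a defender can run against whatever environment builder a project actually uses, because it compares values rather than names and so also catches a credential that was copied under a harmless-looking variable.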

Added: May 26, 2026, 8:59 PM
Updated: May 26, 2026, 8:59 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 9.3
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.