SYS::ONLINE
Wasteland.
Briefs1145
Issues18
SinceFeb 2026
LIVE
⚡ Active KEV CVE-2026-58122 2026-07-09

CVE-2026-58122: Authentication Bypass in Hermes WebUI via X-Forwarded-For Spoofing

"A critical authentication bypass in Hermes WebUI lets unauthenticated remote attackers spoof a loopback address to reach protected onboarding endpoints, enabling SSRF, credential theft, and persistent access token…"

A critical authentication bypass in Hermes WebUI lets unauthenticated remote attackers spoof a loopback address to reach protected onboarding endpoints, enabling SSRF, credential theft, and persistent access token capture.

What Is It

CVE-2026-58122 is an authentication bypass vulnerability (CWE-348: Use of Less Trusted Source) affecting Hermes WebUI before version 0.51.307. The onboarding endpoints are meant to be restricted to local-origin IP addresses, but the application trusts a client-supplied X-Forwarded-For header. By sending that header with a loopback address, an unauthenticated remote attacker circumvents the IP restriction and gains access to endpoints that should only be reachable locally.

Why It Matters

Once the origin check is bypassed, the attacker can chain several high-impact actions. Per the NVD record, they can perform server-side request forgery (SSRF) against internal services, including cloud metadata endpoints, overwrite the LLM provider configuration and API keys with attacker-controlled values, or initiate OAuth device-code flows to obtain persistent access tokens stored in auth.json. The vulnerability carries a CVSS 3.1 base score of 9.1 (CRITICAL), with a network attack vector, low complexity, and no privileges or user interaction required. It rates HIGH for both confidentiality and integrity impact. (VulnCheck's CVSS 4.0 secondary metric scores it 9.3.)

Note: No CISA KEV entry was supplied for this CVE, so there is no confirmation of active exploitation in the source material.

What's Vulnerable

Patch Status

The issue is fixed in Hermes WebUI 0.51.307. Operators running any earlier version should upgrade to 0.51.307 or later. The fix is available via the tagged release and the associated commit and pull request listed below.

Sources