CVE-2026-6830

medium

Description

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys and other sensitive secrets from one profile context in another profile, breaking expected security isolation between profiles.

References

https://www.vulncheck.com/advisories/nesquena-hermes-webui-environment-variable-credential-leakage-via-profile-switch

https://github.com/nesquena/hermes-webui/releases/tag/v0.50.132

https://github.com/nesquena/hermes-webui/releases/tag/v0.50.12

https://github.com/nesquena/hermes-webui/pull/351

https://github.com/nesquena/hermes-webui/commit/88dc8bbe26a6055161d3251b70f5cd3d3c5831b0

Details

Source: Mitre, NVD

Published: 2026-04-21

Updated: 2026-04-21

Risk Information

CVSS v2

Base Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 3.3

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Low

CVSS v4

Base Score: 4.8

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: Medium