216.73.217.80

CVE-2026-6830

· Published 21/04/2026 22:16 · Modified 22/04/2026 21:20

Labels: CVE-2026-6830 2026-04-21CVE-2026-6830CWE-459[email protected]

Essential information

Published
21/04/2026 22:16
Modified
22/04/2026 21:20
Author
Creator
CVSS
4.8 MEDIUM (v3) 4.8 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys and other sensitive secrets from one profile context in another profile, breaking expected security isolation between profiles.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
nesquena / hermes webui cpe:2.3:a:nesquena:hermes_webui:*:*:*:*:*:*:*:*

References