# CVE-2026-6829

> Vulnerability · severity: **MEDIUM** (CVSS 6.3).

## Description

nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update, /api/chat/start, and /api/workspaces/add. Attackers can repoint a session workspace to a directory outside the intended trusted root and then use ordinary file read and write APIs to access or modify files outside the intended workspace boundary within the permissions of the hermes-webui process.

## Key facts

- **CVE ID:** CVE-2026-6829
- **Published:** 2026-04-21
- **CVSS severity:** MEDIUM
- **CVSS base score:** 6.3
- **CWE codes:** CWE-22

## Primary sources

- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-6829

## Citation

> AI Analytics. CVE-2026-6829. Retrieved 2026-07-17 from https://api.ai-analytics.org/cve/CVE-2026-6829. Derived from NIST NVD. Licensed CC0.

---

*[Dataset catalog](https://api.ai-analytics.org/datasets/) · [AI Analytics](https://api.ai-analytics.org/) · CC0 1.0*