A vulnerability, which was classified as problematic , has been found in NousResearch hermes-agent 2026.4.23 . Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboard Interface . Performing a manipulation of the argument HERMES_ENABLE_PROJECT_PLUGINS results in incorrect comparison. This vulnerability is identified as CVE-2026-9369 . The attack is only possible with local access. Additionally, an exploit exists. The vendor was