A vulnerability classified as critical was found in NousResearch hermes-agent up to 2026.4.16 . This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Handler . Such manipulation leads to sandbox issue. This vulnerability is referenced as CVE-2026-9368 . It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.