A vulnerability described as critical has been identified in NousResearch hermes-agent 2026.4.23 . The impacted element is the function _scan_context_content of the file agent/prompt_builder.py . The manipulation results in injection. This vulnerability was named CVE-2026-9366 . The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.