A vulnerability marked as critical has been reported in NousResearch hermes-agent up to 2026.4.16 . This vulnerability affects the function _is_blocked_device of the file tools/file_tools.py of the component read_file Tool . Performing a manipulation results in path traversal. This vulnerability was named CVE-2026-9351 . The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.