A vulnerability labeled as critical has been found in NousResearch hermes-agent up to 2026.4.16 . This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner . Such manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2026-9350 . The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.