A vulnerability was found in NousResearch hermes-agent up to 2026.4.23 and classified as critical . This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the component Credential Pool Synchronization . The manipulation results in improper authentication. This vulnerability is cataloged as CVE-2026-10548 . The attack must be initiated from a local position. Furthermore, there is an exploit available. The vendor was contacted early about this