A vulnerability identified as critical has been detected in nesquena hermes-webui up to 0.51.367 . Affected by this issue is the function get_profile_cookie . Performing a manipulation results in cookies without validation. This vulnerability is reported as CVE-2026-53871 . The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.