A vulnerability categorized as critical has been discovered in NousResearch hermes-agent up to 0.15.x on WebSocket. Affected by this vulnerability is an unknown functionality of the file /api/pty of the component WebSocket Endpoint . Such manipulation leads to missing authentication. This vulnerability is documented as CVE-2026-53869 . The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.