CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-9354: Arbitrary Mass Mention Bypass in NousResearch hermes-agent Slack and Mattermost Adapters

Vulnerability ID: CVE-2026-9354
CVSS Score: 6.9
Published: 2026-05-24

A vulnerability in the Slack and Mattermost platform adapters for NousResearch hermes-agent lets an unauthenticated remote attacker trigger arbitrary mass mentions. Through prompt injection, the attacker can make the agent's reply carry broadcast mention syntax that bypasses the adapters' output sanitization, causing workspace-wide notification exhaustion.

TL;DR

Unauthenticated prompt injection in the hermes-agent Slack and Mattermost adapters lets attackers trigger mass ping notifications via unescaped broadcast mention tags.

⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-116 / CWE-20
  • Attack Vector: Network (Prompt Injection)
  • CVSS 4.0: 6.9 (Medium)
  • CVSS 3.1: 5.4 (Medium)
  • Impact: Availability (Notification Exhaustion)
  • Exploit Status: Public PoC Available
  • CISA KEV: Not Listed

Affected Systems

  • NousResearch hermes-agent <= 2026.4.16 (Slack Adapter)
  • NousResearch hermes-agent <= 2026.4.16 (Mattermost Adapter)

Exploit Details

  • GitHub Gist: Proof of Concept reproducing the mass ping bypass against Slack and Mattermost endpoints

Mitigation Strategies

  • Modify the Slack adapter's regex to exclude broadcast tags, or add a secondary escaping pass before transmission
  • Inject 'disable_mentions': true into the Mattermost adapter's post payload props
  • Implement universal LLM output guardrails that neutralize platform-specific mention syntax before it reaches any adapter

Remediation Steps:

  1. Locate gateway/platforms/mattermost.py in the hermes-agent source
  2. Update the post request payload to include 'props': {'disable_mentions': True}
  3. Locate gateway/platforms/slack.py in the hermes-agent source
  4. Add a pre-transmission replace function for '<!everyone>', '<!channel>', and '<!here>'
  5. Restart the hermes-agent service to apply source modifications
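The two source-level fixes above, shown together as an added example. This is not hermes-agent's own code and does not reproduce its adapter internals; the function names, the `build_*_payload` helpers and the sample LLM reply are constructed for illustration. The Slack side escapes the three broadcast tags named in the remediation steps into HTML entities (Slack renders `&lt;` and `&gt;` back as literal angle brackets, so the text is still visible but no fan-out happens), and the regex is deliberately looser than Slack's own parser so that case or whitespace variants a prompt-injected model might emit are caught as well. The Mattermost side sets the `props` flag from step 2, and a detection hook lets the gateway log a raw reply that contained a broadcast tag as a prompt-injection indicator.

```python
import re

# Broadcast mentions named in the advisory. Any of these in an LLM reply
# sent via chat.postMessage would notify the whole channel or workspace.
SLACK_BROADCAST_TAGS = ("<!everyone>", "<!channel>", "<!here>")

# Match the three tags case-insensitively and tolerate stray whitespace
# inside the angle brackets (e.g. "<! HERE >"). This is intentionally
# broader than Slack's parser: over-escaping a near-miss is harmless,
# missing a real tag is not.
_BROADCAST_RE = re.compile(r"<!\s*(everyone|channel|here)\s*>", re.IGNORECASE)


def neutralize_slack_broadcasts(text: str) -> str:
    """Rewrite broadcast tags so Slack renders them as literal text.

    Slack unescapes &lt; and &gt; for display, so a reader still sees
    '<!here>' in the message, but the API no longer treats it as a
    broadcast and no notification is fanned out.
    """
    return _BROADCAST_RE.sub(lambda m: f"&lt;!{m.group(1).lower()}&gt;", text)


def contains_slack_broadcast(text: str) -> bool:
    """Detection hook: True if the text still carries a broadcast tag.

    Run on the raw model output before neutralizing; a hit is worth
    logging as a likely prompt-injection attempt.
    """
    return _BROADCAST_RE.search(text) is not None


def build_slack_payload(channel: str, llm_reply: str) -> dict:
    # Hypothetical pre-transmission step (advisory step 4): the escaping
    # pass runs on the final text, after any other formatting.
    return {"channel": channel, "text": neutralize_slack_broadcasts(llm_reply)}


def build_mattermost_payload(channel_id: str, llm_reply: str) -> dict:
    # Hypothetical helper mirroring advisory step 2: the props flag tells
    # Mattermost not to fan out @channel/@all/@here for this post, so the
    # message text itself can be left unchanged.
    return {
        "channel_id": channel_id,
        "message": llm_reply,
        "props": {"disable_mentions": True},
    }


if __name__ == "__main__":
    # Constructed sample of a reply where injected instructions made the
    # model append a broadcast tag to an otherwise normal answer.
    injected_reply = "Summary complete. <!channel> <! HERE > please review."
    if contains_slack_broadcast(injected_reply):
        print("alert: broadcast tag in model output (possible prompt injection)")
    print(build_slack_payload("C0123456", injected_reply))
    print(build_mattermost_payload("mm-channel-id", "@channel " + injected_reply))
```

Because the Mattermost fix works at the API level rather than by rewriting text, it also covers mention forms the regex above does not know about; on Slack there is no equivalent flag in this example, so the escaping pass has to be the last transformation before the request is sent, or a later formatting step could reintroduce raw angle brackets.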

Read the full report for CVE-2026-9354 on our website for more details including interactive diagrams and full exploit analysis.
