Vulnerabilities

CVE-2026-22798 - hermes's raw options logging may disclose secrets passed in via subcommand optio

2026-01-13 0 views admin

CVE ID : CVE-2026-22798 Published : Jan. 12, 2026, 10:16 p.m. | 32 minutes ago Description : hermes is an implementation of the HERMES workflow to automatize software publication with rich metadata. From 0.8.1 to before 0.9.1, hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form. If users provide sensitive data such as API tokens (e.g., via hermes deposit -O invenio_rdm.auth_token SECRET), these are written to the log file in plain text, making them available to whoever can access the log file. This vulnerability is fixed in 0.9.1. Severity: 5.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-22798

Severity

MEDIUM

Published

Jan. 12, 2026

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-22798medium

CVE-2026-22798 - hermes's raw options logging may disclose secrets passed in via subcommand optio

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-9427 - Admin reflected XSS - Guide

CVE-2025-14507 - EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - unauthenticated

CVE-2025-11669 - Broken Access Control

Update: CVE-2026-0880 - Sandbox escape due to integer overflow in the Graphics component

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting