Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the getprofilecookie() function that accepts unauthenticated profile names from the hermesprofile cookie. An authenticated attacker can forge the hermesprofile cookie value to bypass profile-scoped authorization checks and access sessions, files, and resources across different profiles.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53871.json",
"cna_assigner": "VulnCheck",
"cwe_ids": [
"CWE-565"
]
}