CYBERHAWK / CVE / CVE-2026-49973

CVE-2026-49973

CRITICAL CVSS 9.4 other

The flaw

Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote attackers to hijack initial setup by submitting the _set_password parameter to the settings API endpoint without any n

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2026-49973

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

First seen 2026-06-12 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits