CYBERHAWK / CVE / CVE-2026-55196

CVE-2026-55196

CRITICAL CVSS 9.1 other

The flaw

Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote attackers to register arbitrary passkeys. When HERMES_WEBUI_PASSKEY=1 is enabled with no exist

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2026-55196

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

First seen 2026-06-19 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits