Hermes WebUI, Path Traversal, CVE-2026-6832 (High) -DC-Jun2026-236


CVE-2026-6832 describes an arbitrary file deletion vulnerability in Hermes WebUI, a tool for managing AI conversations. The flaw resides in the `/api/session/delete` endpoint, which reads a `session_id` from the JSON request body to locate and delete the session's file on disk. The vulnerable code joins the user-controlled `session_id` directly onto a base directory: SESSION_DIR / f"{sid}.json". Two properties of Python's `pathlib` make this unsafe. First, the `/` operator replaces the left-hand path whenever the right-hand operand is absolute, so a `session_id` of /tmp/victim yields /tmp/victim.json with SESSION_DIR gone entirely. Second, `pathlib` does not collapse `..` segments, so a traversal payload such as `../../config/master` resolves to a file outside the session directory once it reaches the filesystem. The root cause is a complete absence of input validation: an attacker can escape the designated session storage and delete any file whose name ends in `.json` in any directory the web server process can write to (the `.json` suffix is always appended, which is the only constraint on the target). Exploitation requires a low-privileged authenticated account but no user interaction. The issue was patched in version 0.50.132 by adding allowlist validation of `session_id` and a containment check with `Path.relative_to()` on the resolved path.

DailyCVE Form:

Platform: Hermes WebUI
Version: <0.50.132
Vulnerability: Path Traversal
Severity: 8.1 High
Date: 2026-04-21

Prediction: 2026-04-28

What Undercode Say:

Simulate the vulnerable path construction (Python; the real SESSION_DIR value is not published, /var/lib/hermes/sessions is a placeholder):

from pathlib import Path
SESSION_DIR = Path("/var/lib/hermes/sessions")  # placeholder value
sid = "/tmp/evil"
delete_path = SESSION_DIR / f"{sid}.json"
# pathlib's "/" replaces SESSION_DIR when the right-hand operand is absolute:
delete_path  # PosixPath('/tmp/evil.json')

Vulnerable code snippet from api/routes.py:

sid = body.get("session_id", "")
# No validation here
p = SESSION_DIR / f"{sid}.json"
if p.exists():
    p.unlink()  # Deletes arbitrary *.json files!

Example malicious curl command (the server appends ".json", so this targets /etc/critical_config.json; it succeeds only if that file exists and /etc is writable by the server process):

curl -X POST http://target/api/session/delete \
  -H "Authorization: Bearer $AUTH_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"session_id": "/etc/critical_config"}'
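The following is an added illustration, not Hermes WebUI code, that puts the pre-patch construction next to a hardened version of the kind the fix describes (allowlist plus `relative_to()` containment). The SESSION_DIR value, the session-id character set and the `demo()` scaffolding are assumptions; `demo()` builds a throw-away directory tree so the escape and the rejection can be observed without touching real files.

```python
"""Vulnerable vs. hardened session-file resolution for a delete endpoint.

Added example; not Hermes WebUI code. SESSION_DIR and the session-id
format are assumptions made for the illustration.
"""
import re
import tempfile
from pathlib import Path

# Hypothetical storage location; the real SESSION_DIR is not published.
SESSION_DIR = Path("/var/lib/hermes/sessions")
# Assumed allowlist: opaque token, no separators, no dots.
SESSION_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def vulnerable_target(sid: str, base: Path = SESSION_DIR) -> Path:
    """Pre-patch construction: no validation at all.

    pathlib's "/" replaces the left operand when the right one is absolute,
    and it never collapses ".." segments, so both payload styles leave base.
    """
    return base / f"{sid}.json"


def hardened_target(sid: str, base: Path = SESSION_DIR) -> Path:
    """Allowlist the id, then prove containment with relative_to()."""
    if not SESSION_ID_RE.fullmatch(sid):
        raise ValueError(f"rejected session_id: {sid!r}")
    base = base.resolve()
    target = (base / f"{sid}.json").resolve()
    # resolve() collapses ".." and follows symlinks; relative_to() raises
    # ValueError unless target lies under base. Kept as defence in depth
    # even though the allowlist already excludes "/" and ".".
    target.relative_to(base)
    return target


def delete_session(sid: str, base: Path = SESSION_DIR) -> bool:
    """Hardened handler body: True if a session file was removed."""
    target = hardened_target(sid, base)
    if target.is_file():
        target.unlink()
        return True
    return False


def _accepted(sid: str, base: Path) -> bool:
    """True if the hardened handler accepted the id (file may not exist)."""
    try:
        delete_session(sid, base)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Exercise both versions against a constructed temporary tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sessions = root / "sessions"
        sessions.mkdir()
        (sessions / "abc123.json").write_text("{}")   # legitimate session
        (root / "config.json").write_text("{}")       # lives outside sessions

        # Vulnerable construction: absolute and ".." payloads both escape.
        results["abs_escapes"] = (
            vulnerable_target(str(root / "config"), sessions) == root / "config.json"
        )
        traversal = vulnerable_target("../config", sessions)
        results["trav_escapes"] = traversal.resolve() == (root / "config.json").resolve()

        # Hardened handler: payloads rejected, outside file untouched,
        # legitimate session still deletable.
        results["abs_rejected"] = not _accepted(str(root / "config"), sessions)
        results["trav_rejected"] = not _accepted("../config", sessions)
        results["config_survives"] = (root / "config.json").exists()
        results["legit_deleted"] = (
            delete_session("abc123", sessions) and not (sessions / "abc123.json").exists()
        )
    return results
```

Run `demo()` to see every check come back True; the two rejection entries are what the allowlist and the `relative_to()` check contribute, and `config_survives` is the file the vulnerable construction would have removed.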

Exploit:

Precondition: Valid low-privileged session token.

Step 1: Intercept a legitimate session deletion request to `/api/session/delete`.

Step 2: Replace `session_id` with an absolute path (e.g., /tmp/victim). Because the server appends `.json`, only files ending in that suffix can be targeted.
Step 3: Replay the request; the server deletes /tmp/victim.json if it exists and the directory is writable by the server process.
Step 4: Alternatively, use path traversal relative to SESSION_DIR (e.g., ../../config/master), which resolves to SESSION_DIR/../../config/master.json.
Step 5: Repeat against other JSON files the process can remove (other users' sessions, application state, configuration) to disrupt service or corrupt state.

Protection:

Upgrade: Immediately update to version `0.50.132` or later.

Isolate: If patching is impossible, restrict network access to the `/api/session/delete` endpoint.
Least privilege: Run the web server with write access to SESSION_DIR only, so that an escaped path cannot be deleted even if the endpoint is reached.
Monitor: Watch for requests whose `session_id` contains `../`, starts with `/`, or carries URL-encoded equivalents (`%2e%2e`, `%2f`); decode before matching, since a pattern that only looks for the literal `../` misses encoded payloads.
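As an added example of the monitoring advice above (not part of the original page or of Hermes WebUI), the following classifier flags suspicious `session_id` values in constructed request-log lines, decoding twice so that single- and double-encoded traversal is caught before the literal `../` and leading `/` checks run. The log format and the allowlist pattern are assumptions.

```python
"""Flag suspicious session_id values in delete requests (added example).

The log format below is constructed for the illustration; adapt parse_line()
to the real access-log layout.
"""
import json
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Constructed sample: "<method> <path> <json body>", one request per line.
SAMPLE_LOG = """\
POST /api/session/delete {"session_id": "abc123"}
POST /api/session/delete {"session_id": "/tmp/victim"}
POST /api/session/delete {"session_id": "../../config/master"}
POST /api/session/delete {"session_id": "..%2F..%2Fconfig%2Fmaster"}
POST /api/session/delete {"session_id": "%252e%252e/%252e%252e/config/master"}
POST /api/session/list {}
"""

# Assumed shape of a legitimate id: opaque token, no separators or dots.
ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,64}")
TARGET_PATH = "/api/session/delete"


def classify(session_id: str) -> Optional[str]:
    """Return a reason string for a suspicious id, or None if it looks benign."""
    # Decode twice: catches %2e%2e (once) and %252e%252e (twice).
    decoded = unquote(unquote(session_id))
    escapes = decoded.startswith(("/", "\\")) or ".." in decoded.replace("\\", "/").split("/")
    if decoded != session_id and escapes:
        return "encoded_traversal"
    if decoded.startswith(("/", "\\")):
        return "absolute_path"
    if escapes:
        return "traversal"
    if not ALLOWED.fullmatch(decoded):
        return "non_allowlisted"
    return None


def parse_line(line: str) -> Optional[Tuple[str, str, dict]]:
    """Split '<method> <path> <json>' into (method, path, body); None if malformed."""
    try:
        method, path, body = line.split(" ", 2)
        return method, path, json.loads(body)
    except (ValueError, json.JSONDecodeError):
        return None


def scan(log_text: str) -> List[Tuple[str, str]]:
    """Return (session_id, reason) for every flagged delete request."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        _, path, body = parsed
        if path != TARGET_PATH:
            continue
        sid = body.get("session_id", "")
        reason = classify(str(sid))
        if reason is not None:
            hits.append((str(sid), reason))
    return hits
```

`scan(SAMPLE_LOG)` flags the four malicious lines and leaves the legitimate id and the unrelated endpoint alone; in production the same `classify()` can run as a WAF rule or a SIEM enrichment on the decoded body field.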

Impact:

Integrity: Attackers can remove session data or any other JSON file the server process may delete, including configuration, leading to application malfunction.
Availability: Deletion of essential JSON files can cause denial of service by crashing the application or breaking dependent components at next load.
Follow-on abuse: No privilege escalation is inherent in the flaw, but deleting JSON files that hold security-relevant state (for example allowlists or other users' sessions) can weaken controls or leave the application in an unstable state that eases further exploitation.


Sources:

Reported By: nvd.nist.gov
Extra Source Hub: Undercode
