{"uuid": "184d2532-7ba0-4428-aa70-35d34bcbd0be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-58122", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqatr5udao2f", "content": "Hermes WebUI &lt;0.51.307 hit by CRITICAL auth bypass (CVE-2026-58122): Spoofed X-Forwarded-For enables SSRF &amp; config overwrite. Restrict/validate headers &amp; monitor onboarding endpoints. https://radar.offseq.com/threat/cve-2026-58122-use-of-less-trusted-source-in-nesqu-c1a99cec42d28f9e #OffSeq #CVE2...", "creation_timestamp": "2026-07-10T00:00:39.135831Z"}