{"uuid": "bf34523b-789a-468c-9faf-a3db7c519beb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-58122", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116892738294124832", "content": "CVE-2026-58122 (CRITICAL): Hermes WebUI &lt;0.51.307 lets remote attackers bypass local IP restrictions via spoofed X-Forwarded-For \u2014 enabling SSRF, config overwrite, and OAuth token theft. Restrict header spoofing &amp; monitor access. https://radar.offseq.com/threat/cve-2026-58122-use-of-less-trusted-source-in-nesqu-c1a99cec42d28f9e #OffSeq #CVE202658122 #infosec #SSRF", "creation_timestamp": "2026-07-10T00:00:37.931201Z"}