4 vulnerabilities across 2 products scored HIGH or above on June 01, 2026.
- HIGH: 4
[HIGH] otrs_ag/otrs
2 CVEs | CVSS 9.1 | AAS 9.0
A security advisory has been issued for OTRS and OTRS Community Edition, addressing multiple critical vulnerabilities that affect versions 7.0 through 2026.3 and Community Edition 6.0.x. They include unauthenticated SQL injection (CVE-2026-48188, CVE-2026-48209), scored up to CVSS 9.1, that can bypass authentication on systems running MySQL/MariaDB with the NO_BACKSLASH_ESCAPES SQL mode enabled. Organizations using affected OTRS versions should urgently update to 2026.4.x or later, review their SQL mode configurations, and assume active exploitation may be occurring. Details are available in the vendor advisory at https://otrs.com/release-notes/otrs-security-advisory-2026-02/.
- CVE-2026-48188 (CVSS 9.1)
- CVE-2026-48209 (CVSS 7.1)
[HIGH] nousresearch/hermes-agent
2 CVEs | CVSS 5.5 | AAS 7.0
Nous Research hermes-agent through version 2026.4.30 contains multiple vulnerabilities (CVE-2026-10220, CVE-2026-10224) with CVSS 5.5, including an injection flaw in the skill_view function that allows remote exploitation. The vulnerabilities have been publicly disclosed and are actively exploitable; the vendor has not responded to early disclosure attempts. Organizations using hermes-agent should immediately upgrade to a patched version and review the impact on their deployments. Technical details are available at https://gist.github.com/YLChen-007/9dd399c6f75b31fa741a613dfd41de08.
- CVE-2026-10220 (CVSS 5.5)
- CVE-2026-10224 (CVSS 5.5)