Your Security Tool Has a Hole in It: The Hermes WebUI RCE and the Windows Defender Patch That Breaks Things
Two stories dominated the threat intelligence picture this week. Neither of them is theoretical. Both of them require action before Friday.
This is the 10 July 2026 briefing.
Story One: Hermes WebUI Has a 9.8-Rated Hole That Requires Zero Credentials
Hermes WebUI is an open-source interface for running large language models locally. It is increasingly deployed in small business and MSP environments as AI tooling becomes mainstream. If your IT provider or your team is using it to run local AI assistants, this matters to you directly.
Two critical vulnerabilities were published against it on 9 July 2026.
CVE-2026-58123 (CVSS 9.8): An unauthenticated remote code execution vulnerability in Hermes WebUI before version 0.51.788. An attacker does not need a username. They do not need a password. They make four sequential HTTP requests to the embedded terminal API endpoint, attach a shell session, and execute arbitrary commands as the server process user. Full command execution. No credentials required.
To be precise about what that means in practice: if Hermes WebUI is exposed to the internet, or accessible from a compromised machine on your network, an attacker can run any command they like on the server hosting it. They can exfiltrate data, install ransomware, pivot to connected systems, or simply sit quietly and watch.
CVE-2026-58122 (CVSS 9.1): A companion vulnerability in Hermes WebUI before version 0.51.307. This one allows an attacker to bypass local-origin IP restrictions by spoofing the X-Forwarded-For HTTP header with a loopback address. Once past that check, they can conduct server-side request forgery against internal services, reach cloud metadata endpoints, overwrite your LLM provider configuration and API keys with values they control, or trigger OAuth device-code flows that produce persistent access tokens stored in auth.json.
In plain English: they can steal your API keys, replace them with their own, and obtain tokens that give them persistent access. Long after the initial exploit, they still have a door open.
These two vulnerabilities together are not a minor patch cycle item. They are a root-cause compromise waiting to happen in any environment where Hermes WebUI is running and not immediately updated.
The fix: Update to Hermes WebUI version 0.51.788 or later. Do this today. If you cannot update immediately, take the instance offline until you can. Do not leave it running.
If you use a managed service provider, ask them directly: are you running Hermes WebUI anywhere in our environment or your tooling stack? Get a written answer.
Story Two: The Windows Defender Patch That Might Break Your Machine While Fixing It
Microsoft patched the ‘RoguePlanet’ vulnerability (CVE-2026-50656) on 9 July 2026. This is a Windows Defender elevation-of-privilege flaw that allows a local user, or an attacker who already has a foothold on a system, to escalate their privileges to SYSTEM level. SYSTEM is the highest privilege level on a Windows machine. Full control.
Details of the vulnerability were published publicly by a security researcher on 10 June, including working proof-of-concept exploit code. Microsoft confirmed the flaw had been live since at least that date. The patch arrived roughly a month later.
That month matters. Any attacker who saw the public disclosure had a month to use it against unpatched Windows systems. If you have not applied the update, apply it now.
Here is the complication: the patch itself has a documented side effect. According to reporting from Ars Technica, the Microsoft Malware Protection Engine update released to fix RoguePlanet may cause Windows machines to write files large enough to completely consume available disk space.
The advice is not to skip the patch. The advice is: patch, then check your disk space. On every Windows endpoint in your environment.
If you have monitoring in place, set alerts for disk utilisation above 85%. If you do not have monitoring in place, this is a reminder that you should.
For UK small businesses running Windows across their estate, which is most of them, this is a two-step action: apply the Defender update via Windows Update, then verify disk space has not spiked abnormally on any machine.
Why Security Tools Are Now the Primary Target
There is a pattern worth naming here. Both of this week’s significant vulnerabilities involve security and infrastructure tooling, not business applications.
Hermes WebUI is an AI operations tool. Windows Defender is the built-in security engine on every Windows machine. Dragonforce ransomware, covered in a separate Huntress report published the same week, enters networks through Citrix NetScaler, a remote access infrastructure product.
Attackers have understood something that many small businesses have not yet internalised: the tools that sit closest to your systems, the ones with elevated access and trusted network positions, are the highest-value targets. Compromising your antivirus engine or your AI interface is more useful than compromising your word processor, because those tools have the access and the trust that makes lateral movement trivial.
This is not a reason to abandon security tooling. It is a reason to treat it with the same scrutiny you apply to anything else connected to your network: keep it updated, restrict its exposure, and know what it is doing.
Why This Gives You an Edge
Most small businesses in the UK are not doing this analysis. They are not tracking NVD publications. They are not asking their MSP whether Hermes WebUI is in the stack. They are certainly not correlating a Defender patch with a potential disk space incident.
If you are doing this, or working with someone who is, you are operating at a materially different risk level than your competitors.
For businesses that handle client data, the ability to demonstrate that you monitor and respond to critical vulnerability disclosures is increasingly a differentiator in procurement. Larger clients, particularly those with their own security requirements, are beginning to ask suppliers for evidence of patch management processes. Being able to point to a documented response to a CVSS 9.8 disclosure is a concrete answer to that question.
Making the Business Case
Three points for a board conversation:
The tools you trust are being targeted. CVE-2026-58123 is a 9.8-rated flaw in infrastructure software. The attacker does not need to trick an employee. They need network access to a running application. This is not a phishing problem. It is a patch management problem.
A one-month window between disclosure and patch is normal. Exposure during that window is not inevitable. RoguePlanet proof-of-concept code was public for approximately 30 days before the patch arrived. Organisations with endpoint monitoring and network segmentation had options during that window. Organisations without them did not.
The cost of patching is predictable. The cost of not patching is not. Dragonforce ransomware, documented this week by Huntress, enters through unpatched Citrix infrastructure. The attack chain takes seven steps and ends with encrypted systems and a ransom demand. The patch for CitrixBleed 2 existed. The question is whether it was applied.
What to Do Before Friday
-
Check for Hermes WebUI. Ask your IT provider or check your own environment. If it is running anywhere, update to 0.51.788 immediately. If it cannot be updated today, take it offline. This is not optional.
-
Apply the Windows Defender update. Go to Windows Update on every machine in your environment and ensure the latest Defender definitions and engine updates are installed. This covers CVE-2026-50656.
-
Check disk space after patching. On every Windows machine. Look for anything above 85% utilisation that was not there yesterday. If you find it, investigate before the machine runs out of space and causes an outage.
-
Ask your MSP for written confirmation. That they have addressed both items across your managed endpoints. If they cannot provide that confirmation by end of week, that tells you something useful about the service you are receiving.
-
Document your response. Note the date you checked, what you found, and what action you took. If you are ever asked to demonstrate patch management capability, this record is your evidence.
Before you go: follow the show wherever you listen, leave a rating or review, drop a comment with your thoughts, and share it with someone who would find it useful. It takes thirty seconds and it genuinely helps.