CVE-2026-49956 — Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoin — CVE Database · The Intelligence Room