CVE-2026-6832 — Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an abs — CVE Database · The Intelligence Room