
Aider CVE-2026-10175

EUVD-2026-33495 · LOW
Code Injection (CWE-94)
2026-05-31 · VulDB · GHSA-7w7m-v5vp-w699
Score: 2.1 (CVSS 4.0 · NVD)

Severity by source

NVD (primary): 2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Severity Changed · May 31, 2026 - 09:22 · NVD
MEDIUM → LOW

CVSS changed · May 31, 2026 - 09:22 · NVD
6.3 (MEDIUM) → 2.1 (LOW)

Analysis Generated · May 31, 2026 - 09:15 · vuln.today

Description (CVE.org)

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Analysis (AI)

Code injection in Aider-AI Aider 0.86.3 Architect Mode enables authenticated remote attackers to execute arbitrary code via the editor_coder.run function in auth.py. A public proof-of-concept exploit is available via GitHub issue #5058, lowering the barrier to exploitation. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Obtain low-privilege credentials to Aider instance
Delivery: Connect over network to Aider
Exploit: Activate Architect Mode
Install: Craft malicious code-injecting input
C2: Trigger editor_coder.run in auth.py
Execute: Execute injected code in application context
Impact: Access host filesystem or exfiltrate secrets

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that the attacker hold at least low-privilege authenticated access to the Aider instance, as confirmed by PR:L in the CVSS vector. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 3.1 base score of 6.3 (Medium) is composed of AV:N (network-exploitable), AC:L (low attack complexity), PR:L (low-privilege authenticated access required), UI:N (no user interaction), and partial CIA impact (C:L/I:L/A:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker with low-privilege authenticated access to an Aider deployment, such as a shared development server or a networked instance with weak access controls, submits a crafted input through the Architect Mode interface that reaches the `editor_coder.run` function in `auth.py` and injects executable code into the application's runtime context. Because a public proof-of-concept exploit is available via GitHub issue #5058, a threat actor with minimal expertise can replicate the technique without needing independent vulnerability research. …

Remediation: No vendor-released patch identified at time of analysis; the Aider-AI project was notified via an issue report (https://github.com/Aider-AI/aider/issues/5058) but has not responded or issued a fix. … Detailed patch versions, workarounds, and compensating controls in full report.


CVE-2026-10175 vulnerability details – vuln.today
