Skip to main content

Aider CVE-2026-10176

| EUVD-2026-33496 LOW
SQL Injection (CWE-89)
2026-05-31 VulDB GHSA-f9g4-qjmq-f49r
SQLi Aider
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
May 31, 2026 - 10:22 NVD
MEDIUM LOW
CVSS changed
May 31, 2026 - 10:22 NVD
6.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
May 31, 2026 - 10:15 vuln.today

DescriptionCVE.org

A weakness has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

SQL injection in Aider-AI Aider 0.86.3's Code Generation Workflow component allows authenticated remote attackers with low privileges to manipulate internal SQL queries, resulting in partial compromise of confidentiality, integrity, and availability. A publicly available proof-of-concept exploit exists via GitHub issue #5077, raising near-term exploitation risk despite the medium CVSS score of 6.3. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privilege Aider credentials
Delivery
Access Code Generation Workflow input surface
Exploit
Craft SQL-injecting payload in user-controlled input
Execution
Submit to vulnerable database query handler
Impact
Read or manipulate Aider internal SQLite database
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The attacker must hold low-privilege authenticated credentials to interact with the Aider instance - unauthenticated network exploitation is not indicated by the CVSS vector (PR:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS base score of 6.3 (Medium) reflects a network-exploitable, low-complexity attack requiring low-privilege authentication, with partial CIA impact (C:L/I:L/A:L) and unchanged scope. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privilege access to an Aider deployment crafts a malicious payload targeting the Code Generation Workflow, embedding SQL metacharacters that break out of the intended query context and inject attacker-controlled SQL commands. Leveraging the publicly available proof-of-concept from GitHub issue #5077, the attacker reads, alters, or corrupts Aider's internal SQLite database - potentially exfiltrating stored chat history, session tokens, or project context. …
Remediation No vendor-released patch is identified at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10176 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy