CVE-2026-10175
6.3 MEDIUM
A security flaw has been discovered in Aider-AI Aider 0.86.3
Published: 2026-05-31 · Last updated: 2026-06-01
Severity and scoring
- CVSS: 6.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE: CWE-74, CWE-94
Description
A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-10175
- [Other] https://github.com/Aider-AI/aider/
- [Other] https://github.com/Aider-AI/aider/issues/5058
- [Other] https://vuldb.com/cve/CVE-2026-10175
- [Other] https://vuldb.com/submit/819909
- [Other] https://vuldb.com/vuln/367456
- [Other] https://vuldb.com/vuln/367456/cti
Related CVEs
Same CWE
- CVE-2026-48017 — DbGate is cross-platform database manager (8.8 HIGH)
- CVE-2026-48836 — Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions (10.0 CRITICAL)
- CVE-2026-48124 — Cursor is a code editor built for programming with AI
- CVE-2026-39465 — Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions (9.1 CRITICAL)
- CVE-2026-52704 — Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code... (10.0 CRITICAL)