Aider-AI Aider Architect Mode auth.py editor_coder.run code injection_CVE-2026-10175

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-10175

Source VulDB

Published May 31, 2026 at 08:45

Affected Product

Vendor Aider-AI

Product Aider

Version 0.86.3

Affected Versions Aider-AI Aider 0.86.3

CWE Classification

CWE-94 CWE-74

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-05-31T08:45:07.461Z",
    "modified": "2026-05-31T08:45:07.461Z",
    "type": "cve",
    "title": "Aider-AI Aider Architect Mode auth.py editor_coder.run code injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/367456\nhttps://vuldb.com/vuln/367456/cti\nhttps://vuldb.com/cve/CVE-2026-10175\nhttps://vuldb.com/submit/819909\nhttps://github.com/Aider-AI/aider/issues/5058\nhttps://github.com/Aider-AI/aider/",
    "id": "CVE-2026-10175",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Aider-AI Aider 0.86.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Aider",
    "version": "0.86.3",
    "vendor": "Aider-AI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}