CVE-2026-10175 | A security flaw has been discovered in Aider-AI Aider 0.86.3… | CVSS 6.3 MEDIUM

Description

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Metadata

CVE ID: CVE-2026-10175
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-05-30 16:21 UTC
Published: 2026-05-31 08:45 UTC
Last updated: 2026-06-02 14:43 UTC
Primary CWE: CWE-94
Code Injection
Vendor / Product: Aider-AI / Aider
Sources: cve.org · NVD

Severity & Metrics

6.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Aider-AI	Aider	—	0.86.3

Weakness (CWE)

CWE	Source	Description
CWE-74	cna	Injection
CWE-94	cna	Code Injection

CVSS scores (4)

Score	Severity	Version	Source	Vector
6.5	N/D	2.0	cna	AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
6.3	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.3	MEDIUM	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
5.3	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

References (6)

VDB-367456 | Aider-AI Aider Architect Mode auth.py editor_coder.run code injection https://vuldb.com/vuln/367456
VDB-367456 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/367456/cti
CVE-2026-10175 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-10175
Submit #819909 | paul-gauthier aider 0.86.3 Code Injection https://vuldb.com/submit/819909
https://github.com/Aider-AI/aider/issues/5058
https://github.com/Aider-AI/aider/