CVE-2026-10176 | A weakness has been identified in Aider-AI Aider 0.86.3. Aff… | CVSS 6.3 MEDIUM

Description

A weakness has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Metadata

CVE ID: CVE-2026-10176
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-05-30 16:21 UTC
Published: 2026-05-31 09:00 UTC
Last updated: 2026-06-02 14:46 UTC
Primary CWE: CWE-89
SQL Injection
Vendor / Product: Aider-AI / Aider
Sources: cve.org · NVD

Severity & Metrics

6.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Aider-AI	Aider	—	0.86.3

Weakness (CWE)

CWE	Source	Description
CWE-74	cna	Injection
CWE-89	cna	SQL Injection

CVSS scores (4)

Score	Severity	Version	Source	Vector
6.5	N/D	2.0	cna	AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
6.3	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.3	MEDIUM	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
5.3	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

References (6)

VDB-367457 | Aider-AI Aider Code Generation Workflow sql injection https://vuldb.com/vuln/367457
VDB-367457 | CTI Indicators (IOB, IOC, TTP) https://vuldb.com/vuln/367457/cti
CVE-2026-10176 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-10176
Submit #819910 | paul-gauthier Aider 0.86.3 Code Injection https://vuldb.com/submit/819910
https://github.com/Aider-AI/aider/issues/5077
https://github.com/Aider-AI/aider/