PT-2026-35530 · Unknown · Aider-Mcp-Server

Smallw

Published

2026-04-27

Updated

2026-04-27

CVE-2026-7157

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions disler aider-mcp-server versions prior to b2516fa466d0d851932da92ee6d0e66946db9efc

Description A command injection flaw exists in the aider ai code component within the src/aider mcp server/server.py file. This issue occurs due to improper manipulation of the relative editable files argument, allowing remote attackers to execute arbitrary commands.

Recommendations Update to a version later than b2516fa466d0d851932da92ee6d0e66946db9efc. As a temporary workaround, restrict or avoid using the relative editable files argument until a formal patch is applied.

Exploit

Fix

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

CVE-2026-7157

Affected Products

Aider-Mcp-Server

PT-2026-35530 · Unknown · Aider-Mcp-Server

CVE-2026-7157

Weakness Enumeration

Related Identifiers

Affected Products

References · 8