PT-2026-45184 · Aider · Aider

·

CVE-2026-10175

·

Published

2026-05-31

·

Updated

2026-07-13

CVSS v2.0

6.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Aider-AI Aider version 0.86.3
Description A security flaw in the Architect Mode component allows for remote code injection. The issue resides within the editor coder.run() function located in the auth.py file.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the editor coder.run() function within the Architect Mode component.

Exploit

Code Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-10175
GHSA-7W7M-V5VP-W699
PYSEC-2026-2335

Affected Products

Aider