CVE-2026-10176

Aider-AI Aider Code Generation Workflow sql injection

CVSS 5.3 MEDIUMEPSS 0.2%CWE-74 CWE-89

Vexday Risk Score

33Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 5.3EPSS 0.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

31 May 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A weakness has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

Aider-AI · Aider

public PoCs found — 1

cve_referencegithub.com/Aider-AI/aider/issues/5077unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/Aider-AI/aider/https://github.com/Aider-AI/aider/issues/5077 https://vuldb.com/cve/CVE-2026-10176 https://vuldb.com/submit/819910 https://vuldb.com/vuln/367457 https://vuldb.com/vuln/367457/cti