CVE-2026-10177

Aider-AI Aider AWS EC2 Metadata Endpoint api_docs.py requests.get server-side request forgery

CVSS 5.3 MEDIUMEPSS 0.2%CWE-918

A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file api_docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. It is suggested to install a patch to address this issue. The pull request to fix this issue awaits acceptance.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

Aider-AI · Aider

public PoCs found — 1

cve_referencegithub.com/Aider-AI/aider/issues/5075unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/Aider-AI/aider/https://github.com/Aider-AI/aider/issues/5075 https://github.com/Aider-AI/aider/pull/5137 https://vuldb.com/cve/CVE-2026-10177 https://vuldb.com/submit/819911 https://vuldb.com/vuln/367458 https://vuldb.com/vuln/367458/cti