CVE-2026-7316

eiliyaabedini aider-mcp code_with_ai aider_mcp.py command injection

CVSS 6.9 MEDIUMEPSS 1.3%CWE-74 CWE-77

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the argument working_dir/editable_files leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

eiliyaabedini · aider-mcp

PoCs públicas encontradas — 1

cve_referencegithub.com/eiliyaabedini/aider-mcp/issues/1no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/eiliyaabedini/aider-mcp/https://github.com/eiliyaabedini/aider-mcp/issues/1 https://vuldb.com/submit/803082 https://vuldb.com/vuln/359964 https://vuldb.com/vuln/359964/cti