CVE-2026-10177: Server-Side Request Forgery in Aider-AI Aider
CVE-2026-10177 is a server-side request forgery (SSRF) vulnerability in Aider-AI Aider version 0. 86. 3. It affects the requests. get function in the api_docs. py file related to the AWS EC2 Metadata Endpoint. The vulnerability can be exploited remotely and has been publicly disclosed. A patch to fix this issue has been developed and is awaiting acceptance. The CVSS 4. 0 base score is 5.
AI Analysis
Technical Summary
This vulnerability in Aider-AI Aider 0.86.3 allows an attacker to manipulate the requests.get call in the api_docs.py component that interacts with the AWS EC2 Metadata Endpoint, resulting in server-side request forgery. The flaw enables remote attackers to induce the server to make unintended requests, potentially accessing internal resources. Although the exploit is publicly known, no known exploits in the wild have been reported. A patch is available but pending acceptance. The product is a cloud service, so remediation may be managed by the vendor.
Potential Impact
Successful exploitation could allow an attacker to make unauthorized requests from the server to internal or external resources, potentially exposing sensitive information or enabling further attacks. The medium CVSS score reflects limited privileges required and partial impact on confidentiality, integrity, and availability. No confirmed active exploitation has been reported.
Mitigation Recommendations
A patch addressing this vulnerability has been developed and is awaiting acceptance. Since Aider is a cloud-hosted service, the vendor typically manages remediation server-side. Users should monitor vendor advisories for patch deployment status and apply updates once the fix is officially released. Until then, no additional mitigation steps are confirmed by the vendor.
CVE-2026-10177: Server-Side Request Forgery in Aider-AI Aider
Description
CVE-2026-10177 is a server-side request forgery (SSRF) vulnerability in Aider-AI Aider version 0. 86. 3. It affects the requests. get function in the api_docs. py file related to the AWS EC2 Metadata Endpoint. The vulnerability can be exploited remotely and has been publicly disclosed. A patch to fix this issue has been developed and is awaiting acceptance. The CVSS 4. 0 base score is 5.
CVSS v4.0
Score 5.3medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Aider-AI Aider 0.86.3 allows an attacker to manipulate the requests.get call in the api_docs.py component that interacts with the AWS EC2 Metadata Endpoint, resulting in server-side request forgery. The flaw enables remote attackers to induce the server to make unintended requests, potentially accessing internal resources. Although the exploit is publicly known, no known exploits in the wild have been reported. A patch is available but pending acceptance. The product is a cloud service, so remediation may be managed by the vendor.
Potential Impact
Successful exploitation could allow an attacker to make unauthorized requests from the server to internal or external resources, potentially exposing sensitive information or enabling further attacks. The medium CVSS score reflects limited privileges required and partial impact on confidentiality, integrity, and availability. No confirmed active exploitation has been reported.
Mitigation Recommendations
A patch addressing this vulnerability has been developed and is awaiting acceptance. Since Aider is a cloud-hosted service, the vendor typically manages remediation server-side. Users should monitor vendor advisories for patch deployment status and apply updates once the fix is officially released. Until then, no additional mitigation steps are confirmed by the vendor.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-30T16:21:45.507Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 6a1c1203e29bf47b50fe9aa8
Added to database: 5/31/2026, 10:48:35 AM
Last enriched: 5/31/2026, 11:03:33 AM
Last updated: 5/31/2026, 11:57:42 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.