PatchSiren cyber security CVE debrief
CVE-2026-10177 Aider-AI CVE debrief
A server-side request forgery (SSRF) vulnerability exists in Aider-AI Aider version 0.86.3, specifically within the `requests.get` function in `api_docs.py` when handling the AWS EC2 Metadata Endpoint component. The vulnerability allows remote attackers to manipulate requests to unauthorized destinations. The issue has been publicly disclosed with an available exploit, and a pull request containing a fix is pending acceptance. The vulnerability is rated LOW severity with a CVSS score of 2.1. The weakness is categorized as CWE-918 (Server-Side Request Forgery).
- Vendor: Aider-AI
- Product: Aider
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-31
- Original CVE updated: 2026-05-31
- Advisory published: 2026-05-31
- Advisory updated: 2026-05-31
Who should care
- Organizations running Aider-AI Aider 0.86.3 in environments with access to AWS EC2 metadata services or other sensitive internal endpoints
- Security teams monitoring for SSRF vulnerabilities in AI-assisted development tools
- Infrastructure operators responsible for egress filtering and cloud metadata service protection
Technical summary
The vulnerability resides in the `requests.get` function within `api_docs.py` of Aider-AI Aider 0.86.3, where improper handling of the AWS EC2 Metadata Endpoint enables server-side request forgery. A remote attacker with low privileges can manipulate the application to make unauthorized outbound requests. The attack requires no user interaction and has low attack complexity. The exploit has been publicly disclosed. A fix exists in pending pull request 5137 but awaits acceptance. The vulnerability does not appear in CISA KEV and has no known ransomware campaign association.
Defensive priority
Low
Recommended defensive actions
- Review and restrict network egress from systems running Aider 0.86.3, particularly blocking access to the AWS EC2 metadata endpoint (169.254.169.254) and other internal services unless explicitly required
- Monitor for and apply the pending patch from pull request 5137 once accepted and released
- Upgrade to a patched version of Aider when one is available; verify that the fix addresses the SSRF in the `requests.get` usage in `api_docs.py`
- Implement defense-in-depth SSRF protections including URL validation, allowlist-based destination controls, and network segmentation for applications with outbound request capabilities
- Audit logs for unexpected outbound requests from Aider instances, particularly to internal or metadata service IP ranges
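The URL validation, allowlist and redirect handling called for above, as an added example that is not Aider's code: a guard to call before any outbound `requests.get`. The allowlist host `docs.example.com` and the injectable resolver are assumptions for the example.

```python
"""Egress guard for outbound requests.get calls (added example, not Aider's code)."""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_HOSTS = {"docs.example.com"}  # constructed allowlist (hypothetical host)


def default_resolver(host):
    """Return every address a name resolves to (A and AAAA), not just the first."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_outbound_url(url, allowed_hosts=ALLOWED_HOSTS, resolver=default_resolver):
    """Return (ok, reason). Blocks 169.254.0.0/16 (EC2 metadata), loopback, private and
    other non-public ranges, and enforces the host allowlist when one is given."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if allowed_hosts and host not in allowed_hosts:
        return False, f"host {host!r} not on allowlist"
    try:
        addrs = {ipaddress.ip_address(host)}  # URL carries a literal IP
    except ValueError:
        try:
            addrs = {ipaddress.ip_address(a) for a in resolver(host)}
        except (socket.gaierror, ValueError) as exc:
            return False, f"resolution failed: {exc}"
    for addr in addrs:
        # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) before classifying.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        if addr.is_link_local or not addr.is_global:
            return False, f"destination {addr} is not a public address"
    return True, "ok"


def safe_get(url, **kwargs):
    """requests.get wrapper; redirects stay off because an allowed host could
    otherwise 302 the client to the metadata endpoint after the check passed."""
    ok, reason = check_outbound_url(url)
    if not ok:
        raise ValueError(f"blocked outbound request to {url}: {reason}")
    import requests  # lazy import: the checker itself needs no third-party code
    return requests.get(url, allow_redirects=False, **kwargs)
```

Log the `reason` string from every refusal; those entries are the "unexpected outbound requests" the audit step above looks for.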
Evidence notes
The vulnerability was reported to VulDB (submit/819911) and assigned CVE-2026-10177. The affected component is identified as the AWS EC2 Metadata Endpoint in `api_docs.py`. A GitHub issue (#5075) and pull request (#5137) are referenced in source materials. The CVSS 4.0 vector indicates network attack vector with low attack complexity, requiring low privileges and no user interaction, with low impacts to confidentiality, integrity, and availability. The exploit is marked as proof-of-concept (E:P). Vendor identification is marked low confidence and requires review based on reference domain candidate analysis.
Official resources
Public disclosure with exploit available; fix pull request pending acceptance