MEDIUM 6.3
GHSA-hchg-qm84-cj9p
Aider has an SSRF vulnerability through its AWS EC2 Metadata Endpoint
Details
A security vulnerability has been detected in Aider-AI Aider 0.86.3.dev. This affects the function requests.get of the file api_docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. It is suggested to install a patch to address this issue. The pull request to fix this issue awaits acceptance.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / aider-chat
Introduced in:
0 No fixed version published yet for aider-chat (pip). Pin to a known-safe version or switch to an alternative.
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-10177 [ADVISORY]
- https://github.com/Aider-AI/aider/issues/5075 [WEB]
- https://github.com/Aider-AI/aider/pull/5137 [WEB]
- https://github.com/Aider-AI/aider [PACKAGE]
- https://vuldb.com/cve/CVE-2026-10177 [WEB]
- https://vuldb.com/submit/819911 [WEB]
- https://vuldb.com/vuln/367458 [WEB]
- https://vuldb.com/vuln/367458/cti [WEB]