CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GHSA-hchg-qm84-cj9p: Aider has an SSRF vulnerability through its AWS EC2 Metadata Endpoint

lowCVSS 6.3CVE-2026-10177
A security vulnerability has been detected in Aider-AI Aider 0.86.3.dev. This affects the function requests.get of the file api_docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. It is suggested to install a patch to address this issue. The pull request to fix this issue awaits acceptance.

Details

Source
GitHub Security Advisories (INTL · database · site)
Severity
low — CVSS 6.3
Published
2026-05-31
Last updated
2026-07-07
Exploitation
Not in CISA KEV at last sync

Original advisory: https://github.com/advisories/GHSA-hchg-qm84-cj9p

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-10177coverage & exploitation statusNVD · CVE.org

More from GitHub Security Advisories