Description
A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the component aider_ai_code. This manipulation of the argument relative_editable_files causes command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-27
Score: 6.9 Medium
EPSS: 2.2% Low
KEV: No
Impact: Remote Command Execution
Action: Patch immediately
AI Analysis

Impact

The vulnerability is a command injection flaw (CWE-77) in the aider_ai_code component of src/aider_mcp_server/server.py in aider-mcp-server. An attacker who can call the affected tool can supply a crafted relative_editable_files argument that reaches a shell, causing the server to execute arbitrary commands with the privileges of the service. The flaw is remotely exploitable, requires no authentication (CVSS PR:N), and a public proof-of-concept exploit exists. Successful exploitation gives the attacker control over the host running the service, compromises confidentiality, integrity and availability, and provides a foothold for pivoting to other assets.

Affected Systems

This issue affects instances of the Disler aider-mcp-server product built from source code up to and including the commit b2516fa466d0d851932da92ee6d0e66946db9efc. The project follows a rolling-release model, so any deployment built from an unpatched commit remains vulnerable until a commit that removes the flaw is merged and the deployment is rebuilt from it.

Risk and Exploitability

The CVSS 4.0 base score of 6.9 classifies the risk as medium, but a public proof-of-concept exists and the vector requires neither privileges nor user interaction (AV:N/PR:N/UI:N), which raises the practical threat for any exposed instance. EPSS is 2.2%, a low but non-zero exploit probability, and the vulnerability is not listed in CISA's KEV catalogue. The description does not name the transport the server is exposed on; the affected code is the aider_ai_code tool handler in server.py, so the likely attack path is a tool call carrying a crafted relative_editable_files value from any client that can reach the server. Because no authentication is required, any deployment reachable by untrusted clients should be treated as high impact.

Generated by OpenCVE AI on April 28, 2026 at 19:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and install the latest release of aider-mcp-server that contains the fix for the command injection issue.
  • If a fixed commit is not yet available, restrict or disable the aider_ai_code tool (the code path that processes the relative_editable_files parameter) and do not expose the server to untrusted clients.
  • Implement server-side validation for the relative_editable_files argument: accept only paths that resolve inside the project directory and pass them to the subprocess as an argument list rather than interpolating them into a shell command string, so shell metacharacters cannot become commands.
  • Contact the maintainer to request an urgent fix or guidance for interim hardening of the application.
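The impact section above describes a file-list argument reaching a shell, and the validation bullet describes the fix shape. The following is an added illustration written for this page; it is not code from disler/aider-mcp-server and makes no claim about how server.py actually builds its command. It contrasts a hypothetical vulnerable handler that joins relative_editable_files into a shell string with a hardened handler that confines the paths to the project root and invokes the subprocess with an argv list. The "aider --message ... FILES" command shape, the helper names and the sample project contents are all assumptions for the demo.

```python
"""Added example, not code from disler/aider-mcp-server: a hypothetical
handler that builds a shell string from relative_editable_files, beside a
hardened version that validates the paths and never involves a shell.
The 'aider --message ... FILES' command shape is assumed for illustration."""
import shlex
import subprocess
import tempfile
from pathlib import Path


def build_command_vulnerable(relative_editable_files, prompt):
    """Hypothetical vulnerable pattern: untrusted file names are joined into
    one string destined for shell=True. A name like "a.py; touch /tmp/pwned #"
    terminates the aider command and starts a second one."""
    return "aider --message %s %s" % (
        shlex.quote(prompt), " ".join(relative_editable_files))


def run_vulnerable(relative_editable_files, prompt, project_root):
    """shell=True is what turns the ';' in the file list into a command."""
    return subprocess.run(build_command_vulnerable(relative_editable_files, prompt),
                          shell=True, cwd=project_root, capture_output=True, text=True)


class UnsafeEditableFile(ValueError):
    """A requested file is absent, outside the project root, or malformed."""


def validate_editable_files(relative_editable_files, project_root):
    """Return the requested files as project-relative POSIX strings, rejecting
    anything that is not an existing regular file inside project_root."""
    root = Path(project_root).resolve()
    checked = []
    for name in relative_editable_files:
        if not isinstance(name, str) or not name or "\x00" in name:
            raise UnsafeEditableFile("invalid file name: %r" % (name,))
        if Path(name).is_absolute():
            raise UnsafeEditableFile("absolute path not allowed: %s" % name)
        target = (root / name).resolve()          # collapses '..' and symlinks
        if root not in target.parents:
            raise UnsafeEditableFile("path escapes project root: %s" % name)
        if not target.is_file():
            raise UnsafeEditableFile("not an existing regular file: %s" % name)
        checked.append(target.relative_to(root).as_posix())
    return checked


def build_command_hardened(relative_editable_files, prompt, project_root):
    """Return an argv list. With no shell, ';', '|' or '$(...)' in a name are
    inert bytes inside one argument; '--' keeps a name starting with '-'
    from being parsed as an aider option."""
    files = validate_editable_files(relative_editable_files, project_root)
    return ["aider", "--message", prompt, "--", *files]


def run_hardened(relative_editable_files, prompt, project_root):
    """shell=False (the default) plus an argv list: no command injection."""
    argv = build_command_hardened(relative_editable_files, prompt, project_root)
    return subprocess.run(argv, cwd=project_root, capture_output=True, text=True)


def is_rejected(relative_editable_files, project_root):
    """True if the hardened validator refuses the list (used by the demo)."""
    try:
        validate_editable_files(relative_editable_files, project_root)
    except UnsafeEditableFile:
        return True
    return False


def make_sample_project():
    """Constructed sample project in a temporary directory so the example
    runs offline; the contents are made up for the demo."""
    root = Path(tempfile.mkdtemp(prefix="aider-mcp-demo-"))
    (root / "src").mkdir()
    (root / "src" / "app.py").write_text("print('hello')\n")
    return root


# Constructed inputs: a benign list, a shell-metacharacter payload, and a
# path-traversal attempt.
BENIGN = ["src/app.py"]
METACHAR = ["src/app.py; touch /tmp/pwned #"]
TRAVERSAL = ["../../etc/passwd"]

if __name__ == "__main__":
    root = make_sample_project()
    print("vulnerable string :", build_command_vulnerable(METACHAR, "fix the bug"))
    print("hardened argv     :", build_command_hardened(BENIGN, "fix the bug", root))
    for bad in (METACHAR, TRAVERSAL):
        print("rejected:", bad, is_rejected(bad, root))
```

The two defences are independent and both matter: the argv list alone already stops the metacharacter payload from becoming a second command, and the root-confinement check stops a client from pointing the tool at files outside the project even when no shell is involved. Note that the hardened version does not try to strip or escape "dangerous" characters from names; it refuses anything that is not an existing file under the root, which is simpler to reason about than a blocklist.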



Advisories

No advisories yet.

History

Wed, 29 Apr 2026 14:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 28 Apr 2026 09:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Disler; Disler aider-mcp-server
Vendors & Products                     Disler; Disler aider-mcp-server

Mon, 27 Apr 2026 21:15:00 +0000

Type         Values Removed   Values Added
Description                   A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the component aider_ai_code. This manipulation of the argument relative_editable_files causes command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Title                         disler aider-mcp-server aider_ai_code server.py command injection
Weaknesses                    CWE-74; CWE-77
References
Metrics                       cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
                              cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
                              cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
                              cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-29T14:01:20.148Z

Reserved: 2026-04-26T20:11:09.027Z

Link: CVE-2026-7157

Vulnrichment

Updated: 2026-04-29T14:01:15.708Z

NVD

Status : Deferred

Published: 2026-04-27T21:16:44.167

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-7157

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T19:45:07Z

Weaknesses