CVE-2026-7316 | eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af code_with_ai aider_mcp.py working_dir/editable_files command injection

A vulnerability identified as critical has been detected in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the argument working_dir/editable_files leads to command injection.

This vulnerability is listed as CVE-2026-7316. The attack may be initiated remotely. In addition, an exploit is available.

This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7316 | eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af code_with_ai aider_mcp.py working_dir/editable_files command injection

Post correlati

CVE-2023-46271 | Extreme Networks AP410C ah_webui improper authentication (ZDI-23-1766)

CVE-2024-10815 | PostLists Plugin up to 2.0.2 on WordPress $_SERVER[‘REQUEST_URI’] cross site scripting

CVE-2025-51865 | Ai2 Playground Web Service LLM Chat up to 2025-06-03 Object Reference thread resource injection

CVE-2023-48242 | Rexroth Nexo Cordless Nutrunner up to V1500-SP2 HTTP Request information disclosure