Technical description
Two CVEs published May 31, 2026 affect Aider-AI Aider 0.86.3, a popular AI pair-programming tool that edits and commits code across entire codebases. CVE-2026-10174 (CVSS v3.1 6.3): manipulation of the `git-commit-verify` argument handled in `aider/args.py` (the option that decides whether Aider's automatic commits run git's pre-commit hooks or skip them with `--no-verify`) causes a protection-mechanism failure, letting an attacker bypass pre-commit security hooks and land unreviewed or malicious code in a commit. CVE-2026-10175 (CVSS v3.1 6.3 / CVSS 4.0 5.3): the `editor_coder.run` function in `auth.py`, reached in Architect Mode, can be manipulated to achieve code injection. The reporter rates both as remotely exploitable without authentication, states that public exploit code is available, and notes that the vendor had not responded at the time of CVE publication. One caveat for readers triaging this: Aider is a local CLI, not a network service, so in practice an attacker must be able to influence what the tool is run with (its arguments or configuration) or what it is run on (the repository content or prompts it acts upon); the severity ratings should be read against that prerequisite.
Attack vector
Manipulation of Aider's command-line argument handling and of the Architect Mode execution path. Because exploit code is reported to be public and Aider is commonly wired into CI/CD pipelines and developer workflows, a successful attack could inject malicious code into a repository while the pre-commit controls that would normally catch it are silently skipped. Treat any environment where Aider runs unattended (bots, pipeline jobs, shared runners) as the highest-risk deployment.
Affected systems
Aider-AI Aider version 0.86.3 (PyPI package `aider-chat`). Widely used by developers for AI-assisted coding across repositories, including in automated CI/CD jobs.
Mitigation
1) Immediately pin or downgrade away from Aider 0.86.3 in all developer and CI/CD environments until a patched version is confirmed (for example `pip install "aider-chat!=0.86.3"`), and have CI fail if that exact version is installed.
2) Do not run Aider in Architect Mode (the `--architect` flag, or `--edit-format architect`) as a compensating control until a fix ships.
3) Treat client-side pre-commit hooks as advisory only: enforce the same checks where the Aider process cannot reach them, in a server-side pre-receive hook or a required CI job, together with branch protection rules.
4) Require human review and signed commits for all AI-generated code, and reject pushes whose commits are unsigned or carry a bad signature.
5) Monitor Aider's GitHub and release channels for a security update.
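Steps 3 and 4 above amount to a single control: a policy that runs on the server or in CI, inspects every pushed commit, and cannot be switched off with a client-side flag such as `--no-verify`. The following script is an added illustration of that control, not Aider's own code or a published fix. It parses `git log` output for a pushed range and rejects commits that are unsigned or badly signed, and, as an assumed local policy, commits whose committer identity is the tool itself (Aider's default `--attribute-committer` option appends " (aider)" to the committer name). The sample log lines are constructed for the example.

```python
"""Server-side commit policy gate for a pre-receive hook or CI job.

Added example, not part of Aider or of the advisory. It assumes the policy
that every commit must carry a good signature and that the *committer* must
be a human identity (a committer name ending in " (aider)" means the tool
committed directly, so no human took responsibility for the change).
"""
import subprocess
import sys
from dataclasses import dataclass

# ASCII unit separator: cannot legitimately appear in git author/committer/subject fields.
FIELD_SEP = "\x1f"
# %G? is git's signature status: G good, B bad, U good but untrusted key,
# X/Y expired, R revoked, E error (e.g. missing key), N no signature.
GIT_FORMAT = FIELD_SEP.join(["%H", "%G?", "%an", "%cn", "%s"])

# Constructed sample: three commits as git would print them with GIT_FORMAT.
SAMPLE_LOG = "\n".join([
    FIELD_SEP.join(["a" * 40, "G", "Dana Dev", "Dana Dev", "Fix parser bounds check"]),
    FIELD_SEP.join(["b" * 40, "G", "Dana Dev (aider)", "Dana Dev", "Refactor arg parsing"]),
    FIELD_SEP.join(["c" * 40, "N", "Dana Dev (aider)", "Dana Dev (aider)", "Add helper"]),
])


@dataclass
class Commit:
    sha: str
    sig_status: str
    author: str
    committer: str
    subject: str


def parse_log(output: str) -> list[Commit]:
    """Turn GIT_FORMAT-formatted log output into Commit records."""
    commits = []
    for line in output.splitlines():
        if not line.strip():
            continue
        parts = line.split(FIELD_SEP)
        if len(parts) != 5:
            raise ValueError(f"unexpected git log line: {line!r}")
        commits.append(Commit(*parts))
    return commits


def violations(commit: Commit, trusted_only: bool = True) -> list[str]:
    """Return the policy violations for one commit (empty list means accepted)."""
    problems = []
    accepted = {"G"} if trusted_only else {"G", "U"}
    if commit.sig_status not in accepted:
        problems.append(
            f"{commit.sha[:12]}: signature status {commit.sig_status!r}, "
            f"need one of {sorted(accepted)}"
        )
    # Assumed policy: a human git identity must be the committer. Aider authored
    # the change is fine (author "(aider)"), Aider committing it directly is not.
    if commit.committer.endswith("(aider)"):
        problems.append(f"{commit.sha[:12]}: committer identity is the AI tool, not a human")
    return problems


def evaluate_push(log_output: str, trusted_only: bool = True) -> list[str]:
    """Evaluate every commit in the log output; returns all violations found."""
    problems = []
    for commit in parse_log(log_output):
        problems.extend(violations(commit, trusted_only))
    return problems


def git_log_for_range(old: str, new: str) -> str:
    """Fetch log lines for one ref update as a pre-receive hook sees it."""
    # An all-zero old sha means a newly created ref: inspect everything reachable.
    rev_range = new if set(old) == {"0"} else f"{old}..{new}"
    return subprocess.run(
        ["git", "log", f"--format={GIT_FORMAT}", rev_range],
        check=True, capture_output=True, text=True,
    ).stdout


def main() -> int:
    """pre-receive entry point: stdin carries '<old> <new> <ref>' per updated ref."""
    all_problems = []
    for line in sys.stdin:
        old, new, _ref = line.split()
        all_problems.extend(evaluate_push(git_log_for_range(old, new)))
    for problem in all_problems:
        print(f"rejected: {problem}", file=sys.stderr)
    return 1 if all_problems else 0


if __name__ == "__main__":
    sys.exit(main())
```

Install it as `hooks/pre-receive` on the bare repository (or call `evaluate_push` from a required CI job over `origin/main..HEAD`). The second sample commit shows the intended workflow under this policy: Aider authored the change, a human reviewed it and made the signed commit. The third is what a hook bypass looks like from the server side and is the one the gate rejects.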