Aider has an SSRF vulnerability through its AWS EC2 Metadata Endpoint
Low severity
GitHub Reviewed
Published
May 31, 2026
to the GitHub Advisory Database
•
Updated Jul 7, 2026
Description
Published by the National Vulnerability Database
May 31, 2026
Published to the GitHub Advisory Database
May 31, 2026
Last updated
Jul 7, 2026
Reviewed
Jul 7, 2026
A security vulnerability has been detected in Aider-AI Aider 0.86.3.dev. This affects the function requests.get of the file api_docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. It is suggested to install a patch to address this issue. The pull request to fix this issue awaits acceptance.
References