Vulnerabilities ›

CVE-2026-7157

High

CWE-74 — Weakness Type

                    Published: Apr 27, 2026                      ·  Modified: May 4, 2026                      ·  Source: NVD                

CVSS v3

7.3

🔗 NVD Official

📄 Description (English)

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the component aider_ai_code. This manipulation of the argument relative_editable_files causes command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.

🤖 AI Executive Summary

A command injection vulnerability exists in disler aider-mcp-server through commit b2516fa466d0d851932da92ee6d0e66946db9efc in the relative_editable_files argument handling. Remote attackers can execute arbitrary commands without authentication.

📄 Description (Arabic)

ثغرة حقن الأوامر في مكون aider_ai_code بملف src/aider_mcp_server/server.py تسمح بتنفيذ أوامر عشوائية عن بعد. المهاجمون يمكنهم استغلال معامل relative_editable_files لتمرير أوامر نظام ضارة. الاستغلال متاح علناً والمشروع لم يستجب بعد للإبلاغ عن المشكلة.

🤖 ملخص تنفيذي (AI)

ثغرة حقن الأوامر موجودة في disler aider-mcp-server حتى الإصدار المذكور في معالجة معامل relative_editable_files. يمكن للمهاجمين البعيدين تنفيذ أوامر عشوائية بدون مصادقة.

🤖 AI Intelligence Analysis Analyzed: May 5, 2026 13:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government telecom banking

🎯 MITRE ATT&CK Techniques

T1190 T1059 T1203 T1566

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Update disler aider-mcp-server to a patched version beyond commit b2516fa466d0d851932da92ee6d0e66946db9efc. Implement input validation and sanitization for the relative_editable_files parameter. Restrict MCP server access to trusted networks only. Monitor for suspicious command execution patterns.

🔧 خطوات المعالجة (العربية)

قم بتحديث disler aider-mcp-server إلى إصدار مصحح بعد الإصدار المذكور. طبق التحقق من صحة المدخلات وتنظيفها لمعامل relative_editable_files. قيد الوصول إلى خادم MCP على الشبكات الموثوقة فقط. راقب أنماط تنفيذ الأوامر المريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1.1 A.7.1.2 A.7.3.1 A.12.2.1

🔵 SAMA CSF

ID.BE-5 PR.AC-1 PR.AC-3 DE.CM-1

🟡 ISO 27001:2022

A.6.1.1 A.7.1.1 A.7.3.1 A.12.2.1 A.14.2.1

🔗 References & Sources 5

🔗

https://github.com/disler/aider-mcp-server/

cna@vuldb.com

🔗

https://github.com/disler/aider-mcp-server/issues/16

cna@vuldb.com

🔗

https://vuldb.com/submit/802061

cna@vuldb.com

🔗

https://vuldb.com/vuln/359756

cna@vuldb.com

🔗

https://vuldb.com/vuln/359756/cti

cna@vuldb.com

📊 CVSS Score

7.3

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score7.3

CWECWE-74

EPSS2.18%

Exploit No

Patch ✗ No

Published 2026-04-27

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-74

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-7157

💬 Comments

Introduce Yourself

Sign In Required