Product
A command injection vulnerability (CVE-2026-7316) exists in eiliyaabedini aider-mcp, allowing remote attackers to execute arbitrary commands by manipulating the working_dir/editable_files argument in the aider_mcp.py file.