CVE-2026-10174
Description
Aider 0.86.3 defaults to skipping pre-commit hooks via --no-verify, allowing bypass of security controls like secret scanning.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In Aider 0.86.3, the git-commit-verify argument in aider/args.py defaults to False. This value is passed to GitRepo in aider/main.py, causing aider/repo.py to append --no-verify to git commit commands. As a result, pre-commit hooks are skipped by default, bypassing security controls that repositories may rely on [2].
Exploitation
An attacker with the ability to influence code changes made by Aider (e.g., by contributing to a repository where Aider is used) can bypass pre-commit hooks. The attacker creates or modifies a file containing patterns that would normally be blocked by a pre-commit hook (e.g., subprocess.check_output with shell=True). When Aider commits the change, it uses --no-verify, so the hook is not executed and the commit succeeds [2].
Impact
Successful exploitation allows an attacker to bypass security controls enforced by pre-commit hooks, such as secret scanning, dangerous subprocess detection, and policy compliance checks. This undermines the integrity of the repository's secure development lifecycle and could lead to the introduction of malicious code or secrets [2].
Mitigation
As of the publication date, the Aider project has not responded to the issue report and no fix has been released. Users should explicitly enable pre-commit hook verification by setting --git-commit-verify=True or configuring the equivalent environment variable. This workaround ensures that hooks are executed before commits [2].
AI Insight generated on May 31, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
Root cause
"The default value of `--git-commit-verify` is `False`, causing Aider to always pass `--no-verify` to git and bypass repository pre-commit hooks."
Attack vector
An attacker who can induce a victim to use Aider on a repository that relies on pre-commit hooks for security controls (e.g., secret scanning, dangerous-pattern blocking) can bypass those controls. Because `--git-commit-verify` defaults to `False` [ref_id=1], Aider silently passes `--no-verify` to git, allowing commits that would otherwise be blocked by the hooks. The attack is remote in the sense that the victim may be tricked into running Aider on a malicious repository or accepting a malicious code change.
Affected code
The vulnerability is in Aider-AI Aider 0.86.3. The default value of `--git-commit-verify` is `False` in `aider/args.py` (lines 492-495), which causes `aider/repo.py` (lines 277-279) to append `--no-verify` to every commit, bypassing the repository's pre-commit hooks. The flow is wired through `aider/main.py` (line 918).
What the fix does
No patch has been published by the project. The advisory [ref_id=1] recommends that Aider should respect pre-commit hooks by default, or at minimum require explicit user opt-out before using `--no-verify`. Until a fix is applied, users must manually set `--git-commit-verify=True` to restore hook enforcement.
Preconditions
- config: The victim uses Aider with its default configuration (`--git-commit-verify=False`).
- config: The repository has a pre-commit hook that enforces security policies (e.g., secret scanning, dangerous pattern blocking).
- input: The attacker supplies code that would be blocked by the hook (e.g., a dangerous subprocess call).
Reproduction
1. Create a repository with a `.git/hooks/pre-commit` hook that blocks `subprocess.check_output`.
2. Verify the hook works by manually committing a file containing `subprocess.check_output("echo test", shell=True)`: the commit is blocked.
3. Ask Aider to add and commit a function using the same pattern (e.g., `subprocess.check_output('uname -a', shell=True, text=True)`).
4. Observe that Aider commits successfully, bypassing the hook [ref_id=1].
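The hook used in the reproduction above, written out as an added example (not code from the Aider project or the advisory): an AST-based pre-commit check that blocks `subprocess.*(..., shell=True)` calls, alongside a small function showing the commit argv shape the advisory describes, where `--no-verify` is appended whenever verification is off. The `DANGEROUS_CALLS` set and the exact argv layout are assumptions for illustration.

```python
"""Pre-commit check for subprocess calls with shell=True, plus the git argv shape
the advisory describes. Added example, not Aider's own code."""
import ast
import sys

# Constructed list of subprocess entry points to block when called with shell=True.
DANGEROUS_CALLS = {"check_output", "check_call", "call", "run", "Popen"}


def find_shell_true_calls(source: str) -> list[tuple[int, str]]:
    """Return (line number, call name) for each subprocess.<name>(..., shell=True)."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not isinstance(node.func, ast.Attribute):
            continue
        func = node.func
        if not (isinstance(func.value, ast.Name) and func.value.id == "subprocess"):
            continue
        if func.attr not in DANGEROUS_CALLS:
            continue
        for kw in node.keywords:
            # Only a literal shell=True is flagged; a variable argument is not resolved.
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                findings.append((node.lineno, func.attr))
    return findings


def build_commit_argv(message: str, verify: bool) -> list[str]:
    """Assumed shape of the commit command: --no-verify is added only when
    verification is disabled, which the advisory says is the 0.86.3 default."""
    argv = ["git", "commit", "-m", message]
    if not verify:
        argv.append("--no-verify")
    return argv


def main(paths: list[str]) -> int:
    """Hook entry point: returns 1 (commit blocked) if any given .py file matches."""
    blocked = 0
    for path in paths:
        if not path.endswith(".py"):
            continue
        with open(path, encoding="utf-8") as fh:
            for lineno, name in find_shell_true_calls(fh.read()):
                print(f"{path}:{lineno}: subprocess.{name}(..., shell=True) is not allowed")
                blocked += 1
    return 1 if blocked else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Invoke it from `.git/hooks/pre-commit` over the staged files (for example the output of `git diff --cached --name-only --diff-filter=ACM`); it only runs for Aider's commits when `--git-commit-verify=True` is set, since the default appends `--no-verify` and skips the hook entirely.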
Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 5
News mentions: 0
No linked articles in our index yet.