CVE-2026-45181

medium

Description

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directry if the victim uses an attacker-supplied .i64 file.

References

https://docs.hex-rays.com/release-notes/9_3sp2

https://blog.calif.io/p/using-ida-to-find-bugs-in-ida-with

Details

Source: Mitre, NVD

Published: 2026-05-09

Updated: 2026-05-09

Risk Information

CVSS v2

Base Score: 5.9

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L