CVE-2026-45181

Published: Mag 10, 2026 Last Modified: Mag 10, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: low

Description

AI Translation Available

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directry if the victim uses an attacker-supplied .i64 file.

88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability Other
Potential Impacts:
Execute Unauthorized Code Or Commands Alter Execution Logic Read Application Data Modify Application Data
Applicable Platforms
Languages: Not Language-Specific, PHP
View CWE Details
https://blog.calif.io/p/using-ida-to-find-bugs-in-ida-with
https://blog.calif.io/p/using-ida-to-find-bugs-in-ida-with
https://docs.hex-rays.com/release-notes/9_3sp2
https://docs.hex-rays.com/release-notes/9_3sp2