CVE-2026-45181
Received Received - Intake
Hex-Rays IDA Pro Argument Injection via Clang Dependency File

Publication date: 2026-05-09

Last updated on: 2026-05-10

Assigner: MITRE

Description
Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-09
Last Modified
2026-05-10
Generated
2026-06-19
AI Q&A
2026-05-10
EPSS Evaluated
2026-06-18
NVD
CVE-2026-45181
EUVD
EUVD-2026-28942
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hex-rays ida_pro to 9.3sp2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-88 The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The vulnerability can lead to unauthorized code execution by allowing attackers to insert malicious code into the plugins directory of IDA Pro. This can compromise the integrity and security of the affected system, potentially leading to data breaches or further exploitation.

Executive Summary

This vulnerability affects Hex-Rays IDA Pro versions 9.2 and 9.3 before 9.3sp2. It involves the software not blocking Clang dependency-file generation through argument injection. This flaw allows attackers to place their own code into the plugins directory if the victim opens a specially crafted attacker-supplied .i64 file.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

Detection of this vulnerability involves identifying if Hex-Rays IDA Pro versions 9.2 or 9.3 before 9.3sp2 are in use, especially if attacker-supplied .i64 files are opened.

Since the vulnerability exploits argument injection via the Clang-based type parser and the generation of dependency files to place malicious code in the plugins directory, monitoring for unexpected file writes or plugin directory modifications after loading .i64 files can help detect exploitation attempts.

Specific commands are not provided in the resources, but general approaches include:

  • Checking the version of IDA Pro installed to confirm if it is vulnerable.
  • Monitoring file system changes in the IDA plugins directory for unexpected Python or other script files.
  • Using file integrity monitoring tools to detect unauthorized modifications.
  • Reviewing logs or audit trails for suspicious activity related to loading .i64 files.
Mitigation Strategies

The primary mitigation step is to update Hex-Rays IDA Pro to version 9.3sp2 or later, where the vulnerability has been patched by restricting permitted Clang flags and fixing argument injection issues.

Additional immediate steps include:

  • Avoid opening untrusted or attacker-supplied .i64 files in vulnerable versions of IDA Pro.
  • Monitor and restrict write permissions to the IDA plugins directory to prevent unauthorized code placement.
  • Apply general security best practices such as running IDA Pro with least privilege and enabling audit logging.

Users are advised to download the latest IDA installer from the official Hex-Rays portal to ensure all security and stability fixes are applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45181. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart