Ghostwire

CVE-2026-45181: Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection),...

MEDIUM CVSS 6.5 Exploit Available

Published: May 9, 2026 | Last Modified: May 9, 2026

Description

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directry if the victim uses an attacker-supplied .i64 file.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

blog.calif.io/p/using-ida-to-find-bugs-in-ida-with
docs.hex-rays.com/release-notes/9_3sp2
www.tenable.com/cve/CVE-2026-45181
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-45181