MEDIUM
Blog
CVE published 2026-05-09
CVE-2026-45181
CVE-2026-45181 is a medium-severity issue in Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2. The problem is that IDA does not block Clang dependency-file generation through argument injection. If a victim opens an attacker-supplied .i64 file, the issue can cause attacker code to be written into a plugins directory. Hex-Rays lists the fix in 9.3sp2.