What is CVE-2026-45181?

CVE-2026-45181 is a medium-severity vulnerability in Hex-rays Ida, classified under Argument Injection. CVSS score: 6.5/10. Published 2026-05-09.

How severe is CVE-2026-45181?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Hex-rays Ida

CVE-2026-45181

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file.

EPSS: 0.000 (0.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L.

Affected products

Hex-rays Ida — versions 9.2

Weakness classification (CWE)

CWE-88 — Argument Injection

References

cve@mitre.org
cve@mitre.org

Frequently asked questions

What is CVE-2026-45181?: CVE-2026-45181 is a medium-severity vulnerability in Hex-rays Ida, classified under Argument Injection. CVSS score: 6.5/10. Published 2026-05-09.
How severe is CVE-2026-45181?: Medium severity. CVSS v3 base score is 6.5 out of 10.