6.5
CVE-2026-45181
- EPSS 0.16%
- Veröffentlicht 09.05.2026 21:47:35
- Zuletzt bearbeitet 13.05.2026 15:46:19
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerHex-Rays
≫
Produkt
IDA
Default Statusunaffected
Version
9.2
Version <
9.3sp2
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.054 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 6.5 | 1 | 5.5 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
|
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
https://blog.calif.io/p/using-ida-to-find-bugs-in-ida-with
https://docs.hex-rays.com/release-notes/9_3sp2