शिल्पपूर्ण बाइटकोड के माध्यम से मनमाना कोड निष्पादन dendibakh/perf-ninja में
प्लेटफ़ॉर्म
other
घटक
perf-ninja
में ठीक किया गया
0.0.1
CVE-2026-4745 describes a Code Injection vulnerability discovered in perf-ninja, a tool developed by dendibakh within the labs/misc/pgo/lua modules. This flaw allows attackers to inject malicious code, potentially leading to system compromise. The vulnerability affects versions 0–0, and a fix is currently pending evaluation.
प्रभाव और हमले की स्थितियाँअनुवाद हो रहा है…
The Code Injection vulnerability in perf-ninja allows an attacker to inject arbitrary code into the application's execution flow. This could be exploited to gain unauthorized access to sensitive data, execute malicious commands on the system, or even take complete control of the affected machine. The specific impact depends on the privileges of the user running perf-ninja and the attacker's ability to craft a successful payload. Given the nature of code injection, the potential for lateral movement within the network is significant if the affected system has access to other resources.
शोषण संदर्भअनुवाद हो रहा है…
CVE-2026-4745 was publicly disclosed on 2026-03-24. The vulnerability's exploitation context is currently unclear, and no public proof-of-concept (PoC) exploits have been identified. It is not currently listed on the CISA KEV catalog. The EPSS score is pending evaluation.
कौन जोखिम में हैअनुवाद हो रहा है…
Users of perf-ninja, particularly those running it in environments with limited access controls or those who have integrated it with other sensitive systems, are at risk. Developers and maintainers of perf-ninja should prioritize patching and security audits.
हमले की समयरेखा
- Disclosure
disclosure
खतरा खुफिया
एक्सप्लॉइट स्थिति
EPSS
0.06% (19% शतमक)
CISA SSVC
प्रभावित सॉफ्टवेयर
कमजोरी वर्गीकरण (CWE)
समयरेखा
- आरक्षित
- प्रकाशित
- EPSS अद्यतन
शमन और वर्कअराउंडअनुवाद हो रहा है…
Due to the severity of Code Injection vulnerabilities, immediate action is crucial. Since a fixed version is not yet available, mitigation strategies are limited. Consider isolating the affected perf-ninja instance to prevent potential exploitation. Thoroughly review any custom scripts or configurations used with perf-ninja for potential vulnerabilities. Monitor system logs for any suspicious activity related to perf-ninja. Once a patched version becomes available, upgrade immediately. After upgrade, confirm by verifying the integrity of the ldo.C file and ensuring no unauthorized code is present.
कैसे ठीक करें
कोड इंजेक्शन की समस्या के समाधान को शामिल करने वाले ठीक किए गए संस्करण में अपडेट करें। लागू किए गए समाधान के बारे में अधिक जानकारी के लिए GitHub रिपॉजिटरी में पुल अनुरोध #129 देखें।
CVE सुरक्षा न्यूज़लेटर
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
अक्सर पूछे जाने वाले सवालअनुवाद हो रहा है…
What is CVE-2026-4745 — Code Injection in perf-ninja?
CVE-2026-4745 is a Code Injection vulnerability in dendibakh's perf-ninja tool, allowing attackers to inject malicious code via the ldo.C file.
Am I affected by CVE-2026-4745 in perf-ninja?
If you are using perf-ninja version 0–0, you are potentially affected by this vulnerability. Assess your environment and implement mitigation strategies.
How do I fix CVE-2026-4745 in perf-ninja?
A fixed version is currently pending evaluation. Until then, implement mitigation strategies like isolation and monitoring.
Is CVE-2026-4745 being actively exploited?
There are currently no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention.
Where can I find the official perf-ninja advisory for CVE-2026-4745?
Refer to the dendibakh project's official channels for updates and advisories regarding CVE-2026-4745.
क्या आपका प्रोजेक्ट प्रभावित है?
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।