CVE-2026-4745 describes a Code Injection vulnerability discovered in the labs/misc/pgo/lua modules of perf-ninja, a tool developed by dendibakh. This flaw allows attackers to inject malicious code, potentially leading to system compromise. The vulnerability affects versions 0–0, and a fix is currently pending evaluation.
The Code Injection vulnerability in perf-ninja allows an attacker to inject arbitrary code into the application's execution flow. This could be exploited to gain unauthorized access to sensitive data, execute malicious commands on the system, or even take complete control of the affected machine. The specific impact depends on the privileges of the user running perf-ninja and the attacker's ability to craft a successful payload. Given the nature of code injection, the potential for lateral movement within the network is significant if the affected system has access to other resources.
CVE-2026-4745 was publicly disclosed on 2026-03-24. The vulnerability's exploitation context is currently unclear, and no public proof-of-concept (PoC) exploits have been identified. It is not currently listed on the CISA KEV catalog. The EPSS score is pending evaluation.
Users of perf-ninja, particularly those running it in environments with limited access controls or those who have integrated it with other sensitive systems, are at risk. Developers and maintainers of perf-ninja should prioritize patching and security audits.
EPSS: 0.06% (19th percentile)
Due to the severity of Code Injection vulnerabilities, immediate action is crucial. Since a fixed version is not yet available, mitigation strategies are limited. Consider isolating the affected perf-ninja instance to prevent potential exploitation. Thoroughly review any custom scripts or configurations used with perf-ninja for potential vulnerabilities. Monitor system logs for any suspicious activity related to perf-ninja. Once a patched version becomes available, upgrade immediately. After upgrading, verify the integrity of the ldo.C file and confirm that no unauthorized code is present.
Upgrade to a fixed version that includes the fix for the code injection issue. See pull request #129 in the GitHub repository for more details on the implemented fix.
CVE-2026-4745 is a Code Injection vulnerability in dendibakh's perf-ninja tool, allowing attackers to inject malicious code via the ldo.C file.
If you are using perf-ninja version 0–0, you are potentially affected by this vulnerability. Assess your environment and implement mitigation strategies.
A fixed version is currently pending evaluation. Until then, implement mitigation strategies like isolation and monitoring.
There are currently no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention.
Refer to the dendibakh project's official channels for updates and advisories regarding CVE-2026-4745.