RCE in Dendibakh Perf-ninja

CVE-2026-4745

Improper Control of Generation of Code ('Code Injection') vulnerability in dendibakh perf-ninja (labs/misc/pgo/lua modules). This vulnerability is associated with program files ldo.C. This issue affects perf-ninja.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.001 (21.7th percentile) — read the EPSS interpretation.

Affected products

Dendibakh Perf-ninja — versions 0

Weakness classification (CWE)

CWE-94 — Code Injection

References

github.com/dendibakh/perf-ninja/pull/129 (patch)