VYPR
Critical severity9.8NVD Advisory· Published Apr 16, 2026· Updated May 1, 2026

CVE-2026-40504

CVE-2026-40504

Description

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity_fiber_reassign() to corrupt heap metadata and achieve arbitrary code execution in applications that evaluate untrusted scripts.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Creolabs/Gravityreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <0.9.6

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.