CVE-2026-40504

Source
https://cve.org/CVERecord?id=CVE-2026-40504
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40504.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-40504
Published
2026-04-16T01:10:27.364Z
Modified
2026-07-16T03:31:06.738961549Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Creolabs Gravity < 0.9.6 Heap Buffer Overflow via gravity_vm_exec
Details

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign() to corrupt heap metadata and achieve arbitrary code execution in applications that evaluate untrusted scripts.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40504.json",
    "cwe_ids": [
        "CWE-122"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "18b9195598d9b944376754c6d1ad76e38a4adca1"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "VulnCheck"
}
References

Affected packages

Git / github.com/marcobambini/gravity

Affected ranges

Type
GIT
Repo
https://github.com/marcobambini/gravity
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.9.6"
        }
    ],
    "source": [
        "DESCRIPTION",
        "REFERENCES"
    ]
}

Affected versions

0.*
0.2.8
0.3.0
0.3.5
0.3.6
0.3.7
0.3.8
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.4.7
0.4.8
0.4.9
0.5.0
0.5.1
0.5.4
0.5.5
0.5.6
0.5.8
0.5.9
0.6.0
0.6.1
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.9
0.7.0
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.9.0
v0.*
v0.9.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40504.json"