Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign() to corrupt heap metadata and achieve arbitrary code execution in applications that evaluate untrusted scripts.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40504.json",
"cwe_ids": [
"CWE-122"
],
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "18b9195598d9b944376754c6d1ad76e38a4adca1"
}
],
"source": "AFFECTED_FIELD"
}
],
"cna_assigner": "VulnCheck"
}