CVE Alert

CVE-2026-40504

CRITICAL 9.8

Creolabs Gravity < 0.9.6 Heap Buffer Overflow via gravity_vm_exec

CVSS Score
9.8
EPSS Score
0.1%
EPSS Percentile
22nd

Creolabs Gravity before 0.9.6 contains a heap buffer overflow in the gravity_vm_exec function. A crafted script that declares many string literals at global scope causes writes beyond the bounds of a heap buffer; the advisory attributes the root cause to insufficient bounds checking in gravity_fiber_reassign(). An attacker who can supply a script to an application that evaluates untrusted Gravity code can use the out-of-bounds write to corrupt heap metadata and potentially achieve arbitrary code execution.
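The pattern the advisory describes is the textbook CWE-122 case for an interpreter: a fiber's value stack lives in a heap buffer, and a reassign step sized by script-controlled input (here, the number of string literals) writes into it without comparing the required slot count with the buffer's capacity. The C program below is an added illustration of that bug class, written for this page; it is not Gravity's code and does not reproduce the real bug. fiber_t, reassign_vulnerable and reassign_checked are hypothetical names, the "string literals" are constructed tagged integers, and a canary region is placed after the stack so the stray write can be observed without touching real allocator metadata. The practical check for your own deployment is simpler than any of this: confirm the embedded engine is 0.9.6 or later, or that the build includes the referenced fix commit, and run scripts from untrusted sources only under a build compiled with AddressSanitizer during testing.

```c
/* Added illustration of the CWE-122 pattern described above: a VM fiber whose
 * value stack is a heap buffer, and a "reassign" step that loads a function's
 * constants without checking the stack's capacity. This models the bug class
 * only; it is not Gravity's code, and fiber_t / reassign_* are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_SLOTS 16                       /* canary region after the stack */
#define CANARY      0xDEADBEEFCAFEF00DULL

typedef struct {
    uint64_t *slots;    /* heap-allocated value stack */
    size_t    capacity; /* usable slots */
    size_t    top;      /* next free slot */
} fiber_t;

/* The stack is followed by GUARD_SLOTS canary words so that an out-of-bounds
 * write lands somewhere we can inspect rather than in allocator metadata. */
static void plant_canary(fiber_t *f) {
    for (size_t i = 0; i < GUARD_SLOTS; i++) f->slots[f->capacity + i] = CANARY;
}

static fiber_t *fiber_new(size_t capacity) {
    fiber_t *f = calloc(1, sizeof *f);
    if (!f) return NULL;
    f->slots = malloc((capacity + GUARD_SLOTS) * sizeof *f->slots);
    if (!f->slots) { free(f); return NULL; }
    f->capacity = capacity;
    f->top = 0;
    plant_canary(f);
    return f;
}

static void fiber_free(fiber_t *f) { if (f) { free(f->slots); free(f); } }

/* 1 if no write has strayed past the usable stack, 0 otherwise. */
static int fiber_canary_intact(const fiber_t *f) {
    for (size_t i = 0; i < GUARD_SLOTS; i++)
        if (f->slots[f->capacity + i] != CANARY) return 0;
    return 1;
}

/* Vulnerable: trusts the constant count from the compiled script and never
 * compares it with capacity, so a script with enough literals writes past
 * the end of the heap buffer. */
static int reassign_vulnerable(fiber_t *f, const uint64_t *consts, size_t n) {
    for (size_t i = 0; i < n; i++)
        f->slots[f->top++] = consts[i];
    return 0;
}

/* Hardened: compute the required size with overflow-safe arithmetic and grow
 * the stack before any write; fail closed if growth is impossible. */
static int reassign_checked(fiber_t *f, const uint64_t *consts, size_t n) {
    if (n > SIZE_MAX - f->top) return -1;
    size_t needed = f->top + n;
    if (needed > f->capacity) {
        size_t newcap = f->capacity ? f->capacity : 1;
        while (newcap < needed) {
            if (newcap > SIZE_MAX / 2) return -1;
            newcap *= 2;
        }
        if (newcap > (SIZE_MAX / sizeof(uint64_t)) - GUARD_SLOTS) return -1;
        uint64_t *grown = realloc(f->slots, (newcap + GUARD_SLOTS) * sizeof *grown);
        if (!grown) return -1;
        f->slots = grown;
        f->capacity = newcap;
        plant_canary(f);
    }
    memcpy(f->slots + f->top, consts, n * sizeof *consts);
    f->top += n;
    return 0;
}

/* Simulate a script with more global string literals than the fiber has
 * slots. Returns 1 if the canary survived, 0 if it was trampled, -1 on error.
 * The literal values are constructed tags, not real object pointers. */
static int demo(int hardened) {
    enum { CAPACITY = 4, NLITERALS = 12 };   /* 12 writes stay inside the guard */
    uint64_t literals[NLITERALS];
    for (size_t i = 0; i < NLITERALS; i++) literals[i] = 0x5300000000000000ULL | i;

    fiber_t *f = fiber_new(CAPACITY);
    if (!f) return -1;
    int rc = hardened ? reassign_checked(f, literals, NLITERALS)
                      : reassign_vulnerable(f, literals, NLITERALS);
    int intact = (rc == 0) ? fiber_canary_intact(f) : -1;
    fiber_free(f);
    return intact;
}

int main(void) {
    printf("vulnerable reassign: canary %s\n", demo(0) == 1 ? "intact" : "CORRUPTED");
    printf("checked reassign:    canary %s\n", demo(1) == 1 ? "intact" : "CORRUPTED");
    return 0;
}
```

The canary is a stand-in for what the real target would be: in a production allocator the words after the buffer are another chunk's data or the allocator's own size and link fields, which is how an out-of-bounds write of attacker-chosen values turns into heap metadata corruption and, from there, a control-flow hijack. The hardened version also guards the size arithmetic itself, since a count large enough to wrap `top + n` would otherwise pass a naive `needed > capacity` check.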

CWE CWE-122
Vendor marcobambini
Product gravity
Published Apr 16, 2026
Last Updated Apr 16, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

marcobambini / gravity
All versions before 0.9.6 (git: every commit prior to 18b9195598d9b944376754c6d1ad76e38a4adca1, the fix commit listed in the references)

References

NVD, CVE.org, EPSS Data
https://github.com/marcobambini/gravity/releases/tag/0.9.6
https://github.com/marcobambini/gravity/issues/437
https://github.com/marcobambini/gravity/commit/18b9195598d9b944376754c6d1ad76e38a4adca1
https://www.vulncheck.com/advisories/creolabs-gravity-heap-buffer-overflow-via-gravity-vm-exec

Credits

segv0x