CRITICAL
marcobambini
CVE published 2026-04-16
CVE-2026-40504
CVE-2026-40504 is a critical vulnerability in Creolabs Gravity, a scripting language. The vulnerability is caused by a heap buffer overflow in the gravity_vm_exec function, which allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. This can lead to arbitrary code execution in applications that evaluate untrusted scripts. The vulnerability has a CVSS [truncated]