PatchSiren

marcobambini CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL marcobambini CVE published 2026-04-16

CVE-2026-40504

CVE-2026-40504 is a critical vulnerability in Creolabs Gravity, a scripting language. The vulnerability is caused by a heap buffer overflow in the gravity_vm_exec function, which allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. This can lead to arbitrary code execution in applications that evaluate untrusted scripts. The vulnerability has a CVSS [truncated]