Creolabs Gravity 0.9.5 and earlier: Malicious scripts can crash or take control

CVE-2026-40504
Summary

Creolabs Gravity, server software, has a bug in its script execution that can be triggered by crafted scripts. This can cause the software to crash or allow an attacker to execute malicious code. Update to version 0.9.6 or later to fix the issue.

Original title
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string ...
Original description
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity_fiber_reassign() to corrupt heap metadata and achieve arbitrary code execution in applications that evaluate untrusted scripts.
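The description attributes the overflow to a missing bounds check when a fiber's stack is reassigned while many global string literals are loaded. The following C program is an added illustration of that bug class (CWE-122) and its fix; it is not Gravity's code, and `fiber_stack_t`, `fiber_stack_push` and `load_global_literals` are hypothetical names modelling a VM value stack. The hardened push grows the heap buffer, or refuses, before every write; the comment inside it marks the single line whose absence produces the out-of-bounds heap write.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a VM fiber's value stack (not Gravity's real
 * structures): a heap buffer of slots, its capacity and a top index. */
typedef struct {
    uint32_t *slots;
    size_t    capacity;
    size_t    top;
} fiber_stack_t;

#define STACK_INITIAL_CAPACITY 8
#define STACK_MAX_CAPACITY     ((size_t)1 << 20)   /* hard upper limit */

static int fiber_stack_init(fiber_stack_t *s) {
    s->slots = calloc(STACK_INITIAL_CAPACITY, sizeof *s->slots);
    if (!s->slots) return -1;
    s->capacity = STACK_INITIAL_CAPACITY;
    s->top = 0;
    return 0;
}

/* Hardened push: make room (or refuse) before writing.
 * Returns 0 on success, -1 if the stack cannot grow.
 * The CWE-122 variant is this function with the whole `if` block
 * removed: `s->slots[s->top++] = v;` then writes past the heap
 * allocation as soon as top reaches capacity. */
static int fiber_stack_push(fiber_stack_t *s, uint32_t v) {
    if (s->top >= s->capacity) {
        if (s->capacity >= STACK_MAX_CAPACITY) return -1;
        size_t newcap = s->capacity * 2;
        if (newcap > STACK_MAX_CAPACITY) newcap = STACK_MAX_CAPACITY;
        uint32_t *grown = realloc(s->slots, newcap * sizeof *grown);
        if (!grown) return -1;
        /* realloc leaves the new tail uninitialised; clear it so stale
         * heap bytes are never read back as a live value. */
        memset(grown + s->capacity, 0,
               (newcap - s->capacity) * sizeof *grown);
        s->slots = grown;
        s->capacity = newcap;
    }
    s->slots[s->top++] = v;
    return 0;
}

/* Simulate loading a script that declares `n` string literals at
 * global scope, one slot per literal.  Returns the number of pushes
 * that succeeded; for any n <= STACK_MAX_CAPACITY that is n. */
static size_t load_global_literals(fiber_stack_t *s, size_t n) {
    size_t ok = 0;
    for (size_t i = 0; i < n; i++) {
        if (fiber_stack_push(s, (uint32_t)(0x1000 + i)) != 0) break;
        ok++;
    }
    return ok;
}

/* Check that every slot still holds the value that was pushed into it,
 * i.e. that growth preserved the contents.  Returns 1 if intact. */
static int fiber_stack_verify(const fiber_stack_t *s, size_t n) {
    if (s->top != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (s->slots[i] != (uint32_t)(0x1000 + i)) return 0;
    return 1;
}

static void fiber_stack_free(fiber_stack_t *s) {
    free(s->slots);
    s->slots = NULL;
    s->capacity = s->top = 0;
}

int main(void) {
    fiber_stack_t s;
    if (fiber_stack_init(&s) != 0) return 1;
    size_t n = 1000;   /* far beyond the 8 initial slots */
    size_t pushed = load_global_literals(&s, n);
    printf("pushed %zu/%zu literals, capacity grew to %zu, intact=%d\n",
           pushed, n, s.capacity, fiber_stack_verify(&s, n));
    fiber_stack_free(&s);
    return 0;
}
```

Running the program pushes 1000 literals into a stack that starts with 8 slots; the capacity doubles up to 1024 and every value survives the reallocations. Pushing past `STACK_MAX_CAPACITY` returns an error instead of writing, which is the behaviour a script interpreter wants when it evaluates untrusted input.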
NVD CVSS 3.1: 9.8
NVD CVSS 4.0: 9.3
Vulnerability type
CWE-122 Heap-based Buffer Overflow
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026