Marcobambini - Gravity - CRITICAL - CVE-2026-40504. Creolabs Gravity versions prior to 0.9.6 are susceptible to a heap buffer overflow vulnerability within the gravity_vm_exec function. This flaw allows attackers to manipulate memory by creating scripts with an excessive number of string literals at the global scope. The insufficient bounds checking in the gravity_fiber_reassign() function can lead to heap metadata corruption, paving the way for potential arbitrary code execution in applications that process untrusted scripts. Users are urged to update their Gravity installation to version 0.9.6 or later to mitigate this risk.