Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.
Graphite before
Exploit
CVE-2026-50593
NVD
Refer to CVE-2026-50593 NVD advisory