CVE-2026-47103: Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection
Python StateMachine versions 3.0.0 and later, before 3.2.0, contain a remote code execution vulnerability: an attacker who can get the application to load a crafted SCXML document gains arbitrary code execution through `<data expr="...">` attributes that are evaluated unsafely. The SCXMLProcessor passes the attacker-controlled expression string through a call chain that ends in Python's built-in eval() with no sandboxing, so the expression runs with the full privileges of the hosting process.
Metrics
- CVSS v4.0: 9.3
- Severity: CRITICAL
- Fixed in: 3.2.0
- Affected Products: 1
HarborGuard Analysis
Synopsis
Remote code execution via unsafe eval() in Python StateMachine affects fgmacedo/python-statemachine versions 3.0.0 through 3.1.x. The CVSS vector rates the issue as network-reachable with no authentication and no user interaction: an attacker supplies a malicious SCXML document containing a crafted <data expr="..."> attribute, which the SCXMLProcessor passes to Python's built-in eval() without any sandboxing. Successful exploitation gives the attacker arbitrary code execution inside the hosting process. Exposure in a given deployment depends on whether the application accepts SCXML documents from untrusted callers; an application that only loads SCXML shipped with its own code still runs vulnerable library code but does not expose this path remotely. A patched-image rebuild at version 3.2.0 is available on HarborGuard for environments running an affected version.
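The mechanism in the synopsis, as an added example written for this page rather than code from python-statemachine: a minimal SCXML datamodel initialiser that hands each `<data expr="...">` string to eval(), beside a literal-only alternative built on ast.literal_eval and a triage helper that lists which `<data>` entries in a document rely on real expressions. The SCXML documents, the function names and the literal-only policy are this example's own assumptions; the page does not describe what 3.2.0 changed, so nothing here should be read as the upstream fix.

```python
"""Added example: the unsafe pattern this advisory describes, beside a
literal-only datamodel initialiser. Illustrative code written for this page,
not code from python-statemachine; the SCXML documents are constructed."""
import ast
import xml.etree.ElementTree as ET

SCXML_NS = "http://www.w3.org/2005/07/scxml"
DATA_TAG = f"{{{SCXML_NS}}}data"

# Constructed sample whose <data> values are all plain Python literals.
LITERAL_SCXML = f"""<scxml xmlns="{SCXML_NS}" version="1.0" datamodel="python">
  <datamodel>
    <data id="retries" expr="3"/>
    <data id="mode" expr="'safe'"/>
  </datamodel>
  <state id="idle"/>
</scxml>"""

# Constructed sample that also carries a genuine expression. It is harmless
# here (integer arithmetic) but shows that eval() runs whatever the document
# says; a hostile document would put a call expression in the same place.
EXPR_SCXML = LITERAL_SCXML.replace(
    "</datamodel>", '  <data id="computed" expr="2 ** 10"/>\n  </datamodel>'
)


def data_exprs(scxml_text):
    """Yield (id, expr) for every <data expr="..."> in the document."""
    root = ET.fromstring(scxml_text)
    for node in root.iter(DATA_TAG):
        if node.get("expr") is not None:
            yield node.get("id"), node.get("expr")


def init_datamodel_unsafe(scxml_text):
    """Vulnerable pattern: each expr string reaches eval() unmodified."""
    return {name: eval(expr) for name, expr in data_exprs(scxml_text)}


def non_literal_exprs(scxml_text):
    """Ids of <data> elements whose expr is not a Python literal. Useful for
    triaging SCXML files in a repository: documents that need none can be
    handled literal-only, the rest genuinely depend on expression evaluation."""
    flagged = []
    for name, expr in data_exprs(scxml_text):
        try:
            ast.literal_eval(expr)
        except (ValueError, SyntaxError):
            flagged.append(name)
    return flagged


def init_datamodel_hardened(scxml_text):
    """Literal-only alternative: ast.literal_eval accepts numbers, strings,
    tuples, lists, dicts, sets, booleans and None, and rejects names, calls,
    attribute access and operators, so no document-supplied code can run."""
    flagged = non_literal_exprs(scxml_text)
    if flagged:
        raise ValueError(f"refusing to evaluate non-literal expr for data ids {flagged}")
    return {name: ast.literal_eval(expr) for name, expr in data_exprs(scxml_text)}


if __name__ == "__main__":
    print(init_datamodel_unsafe(EXPR_SCXML))       # {'retries': 3, 'mode': 'safe', 'computed': 1024}
    print(init_datamodel_hardened(LITERAL_SCXML))  # {'retries': 3, 'mode': 'safe'}
    print(non_literal_exprs(EXPR_SCXML))           # ['computed']
```

Running it shows eval() computing `2 ** 10` straight out of the document while the hardened path refuses the same element. Two limits are worth stating: SCXML's Python datamodel legitimately uses expressions (in `cond` attributes, `<assign>` and `<data>`), so a literal-only policy only fits applications whose documents need none, and the remedy the page supports is the upgrade to 3.2.0; and for XML arriving from untrusted callers, parse with defusedxml rather than plain ElementTree.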
HarborGuard Coverage
Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI pipelines, including custom-built images that bundle python-statemachine directly.
HarborGuard scores this finding at CVSS 9.3 (Critical) using the v4.0 vector and surfaces it at the top of each affected environment's queue; per-environment compliance policy weighting and ownership routing then direct the alert to the appropriate team inbox within each customer organization.
A patched-image rebuild at python-statemachine 3.2.0 becomes available through HarborGuard the moment an affected image is identified. For customers with auto-remediation enabled, HarborGuard runs the rebuild, executes a regression test suite against the updated image, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The vulnerable SCXML parsing endpoint must be reachable over the network: the attacker delivers the malicious document through whatever HTTP or API call the application exposes for submitting SCXML. An application that never accepts SCXML from remote callers does not expose this path, even though it still bundles vulnerable library code.
- Authentication: Not required
No account or session credential is needed; the attacker can trigger the eval() injection as an unauthenticated caller wherever the SCXML endpoint itself is unauthenticated.
- Victim interaction: Not required
No user action is required; the application processes the attacker-supplied SCXML document automatically, without any human interaction.
- Attack complexity: Low
The exploit requires no race condition, specific memory layout, or environmental precondition: eval() of a supplied string is deterministic, so the attack is reliable on any vulnerable instance.
Blast Radius
- Attacker executes arbitrary Python code inside the hosting process, giving full control over application logic and runtime state.
- All data readable by the hosting process, including secrets, environment variables, and in-memory credentials, is exposed.
- Attacker can write, overwrite, or delete files accessible to the process, modifying persisted application state or configuration.
- The hosting service can be crashed or hijacked to serve as a pivot point for further network access within the same container or pod environment.
How HarborGuard Handles This
Available on HarborGuard: this Critical-severity CVE is matched against images in connected registries and pipelines within minutes of ingestion. Where an affected image is found, a rebuilt image at python-statemachine 3.2.0 is made available immediately. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test pass against the patched image, and opens a pull request against affected workloads; for high and critical severity issues, the median time from CVE publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. For environments where auto-remediation is not permitted by compliance policy, HarborGuard surfaces the finding with full CVSS detail and fix-version guidance so teams can act manually. As an interim compensating control, network policy rules that restrict which services may submit SCXML documents to the affected application will reduce the exploitable surface until the upgraded image is deployed.
Fix available
- fgmacedo/python-statemachine: affected >= 3.0.0, < 3.2.0; upgrade to 3.2.0 or later
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
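A version check a practitioner can drop into CI or run on a host, as an added example written for this page (not HarborGuard or python-statemachine code): it compares the installed distribution and any `==` pins in a requirements file against the affected range stated above, treating pre-releases of 3.2.0 conservatively as affected. The requirements text is constructed for the example; the PyPI distribution name python-statemachine is the one real identifier it relies on.

```python
"""Added example: check pinned or installed python-statemachine versions against
the affected range in this advisory (>= 3.0.0, < 3.2.0). Illustrative code
written for this page, not HarborGuard or python-statemachine code; the
requirements text is constructed."""
import re
from importlib import metadata

DISTRIBUTION = "python-statemachine"   # PyPI distribution name
AFFECTED_MIN = (3, 0, 0)               # first affected release, per the advisory
FIXED = (3, 2, 0)                      # first fixed release, per the advisory

_RELEASE_RE = re.compile(r"^\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$")
_PRE_RE = re.compile(r"^[-._]?(a|b|c|rc|alpha|beta|pre|preview|dev)", re.I)


def parse_version(version):
    """Return (release_tuple, is_prerelease) for a PEP 440-style version.
    Only the first three release segments are compared; post/local suffixes
    are ignored, pre-release markers (a, b, rc, dev, ...) are flagged."""
    m = _RELEASE_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, rest = m.groups()
    release = tuple(int(x) if x is not None else 0 for x in (major, minor, patch))
    return release, bool(_PRE_RE.match(rest))


def is_affected(version):
    """True when the version lies in [3.0.0, 3.2.0). Pre-releases of 3.2.0
    itself (3.2.0rc1, 3.2.0.dev3) are reported as affected, since the advisory
    only vouches for the 3.2.0 release."""
    release, prerelease = parse_version(version)
    if prerelease and release == FIXED:
        return True
    return AFFECTED_MIN <= release < FIXED


def normalize_name(name):
    """PEP 503 normalisation so Python_StateMachine matches python-statemachine."""
    return re.sub(r"[-_.]+", "-", name).lower()


def affected_pins(requirements_text):
    """Versions of python-statemachine pinned with == that fall in the range.
    Other specifiers (>=, ~=) are skipped, not resolved."""
    hits = []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;]+)", line)
        if m and normalize_name(m.group(1)) == DISTRIBUTION and is_affected(m.group(2)):
            hits.append(m.group(2))
    return hits


def installed_is_affected():
    """Check the interpreter this runs in; None when the package is absent."""
    try:
        return is_affected(metadata.version(DISTRIBUTION))
    except metadata.PackageNotFoundError:
        return None


# Constructed sample requirements file for this example.
SAMPLE_REQUIREMENTS = """\
requests==2.32.3
Python_StateMachine == 3.1.0   # normalises to python-statemachine
pyyaml>=6.0                    # not an exact pin, skipped
"""

if __name__ == "__main__":
    print(affected_pins(SAMPLE_REQUIREMENTS))  # ['3.1.0']
    print(installed_is_affected())
```

The check deliberately reports only exact `==` pins: a `>=3.0` specifier is skipped rather than resolved, so it may hide an affected install, and lock formats such as poetry.lock or Pipfile.lock need their own parsing. In a container, `installed_is_affected()` run inside the image is the more reliable signal, since it reads what is actually installed rather than what a manifest says.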