2 matches found
CVE-2026-47103 Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection
Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings...
CVE-2026-47103
creationtimestamp| type| source ---|---|--- 2026-06-17 11:39:45+00:00| published-proof-of-concept| https://github.com/fgmacedo/python-statemachine/security/advisories/GHSA-v4jc-pm6r-3vj8 2026-06-17 15:30:34+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3moimysp6w224 2026-06-17...