2 matches found
CVE-2026-47103
Python StateMachine 3.0.0 before 3.2.0 has a remote code execution flaw: crafted SCXML documents with are unsafely evaluated via eval() in the SCXMLProcessor, enabling arbitrary code execution in the hosting process. Affected versions are 3.0.0 up to (but not including) 3.2.0. The CVSS metrics i...
PT-2026-50440
Name of the Vulnerable Software and Affected Versions Python StateMachine versions 3.0.0 through 3.1.x Description An issue exists where the library evaluates expressions from SCXML documents unsafely. The SCXMLProcessor passes attacker-controlled expression strings from attributes through a call...