Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection
Description
Python StateMachine versions 3.0.0 and later, before 3.2.0, contain a remote code execution vulnerability: an attacker can execute arbitrary code by supplying a malicious SCXML document whose crafted `<data expr="...">` attributes are evaluated unsafely. The SCXMLProcessor passes the attacker-controlled expression strings through a call chain that ends in Python's built-in `eval()` with no sandboxing, so the code runs in the context of the hosting process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: >=3.0.0, <3.2.0
Patches
Vulnerability mechanics
Root cause
"The SCXMLProcessor passes attacker-controlled `<data expr="...">` attribute values unsanitized to Python's built-in `eval()` without any sandboxing."
Attack vector
An attacker supplies a malicious SCXML document containing a `<data>` element with a crafted `expr` attribute, such as `__import__('pathlib').Path('marker.txt').write_text('pwned')`. When the application calls `SCXMLProcessor.parse_scxml_file()` followed by `SCXMLProcessor.start()`, the expression string is passed unsanitized through the call chain to Python's built-in `eval()`, achieving arbitrary code execution in the context of the hosting process [ref_id=1].
Affected code
The vulnerability resides in `SCXMLProcessor.parse_scxml_file()` which processes SCXML documents. The call chain `SCXMLProcessor.process_definition()` → `create_datamodel_action_callable()` → `_create_dataitem_callable()` → `_eval()` ends in Python's built-in `eval()` on attacker-controlled `<data expr="...">` attribute values without any sandboxing or restriction [ref_id=1].
What the fix does
The advisory does not include a published patch diff. The recommended remediation is to restrict or sandbox the evaluation of `<data expr="...">` attributes in SCXML documents, or to avoid passing untrusted SCXML content to `SCXMLProcessor` entirely [ref_id=1].
Preconditions
- Config: The application must use python-statemachine version >=3.0.0, <3.2.0
- Input: The application must pass attacker-controlled SCXML content to `SCXMLProcessor.parse_scxml_file()`
Reproduction
1. Install: `pip install python-statemachine==3.1.2`
2. Create an SCXML file containing: `<data id="x" expr="__import__('pathlib').Path('marker.txt').write_text('pwned')"/>`
3. Run: `SCXMLProcessor.parse_scxml_file(DATA_EXPR_CHART)` then `SCXMLProcessor.start()`
4. During `start()`, `<data expr>` reaches `_eval()`, which calls `eval()`.
5. Result: `data_marker_before_start: False`, `data_marker_after_start: True`, `success: True` [ref_id=1]
Generated on Jun 18, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-v4jc-pm6r-3vj8 (GHSA advisory)
- github.com/fgmacedo/python-statemachine/security/advisories/GHSA-v4jc-pm6r-3vj8 (vendor advisory)
- www.vulncheck.com/advisories/python-statemachine-rce-via-scxml-eval-injection (third-party advisory)
- github.com/fgmacedo/python-statemachine/releases/tag/v3.2.0 (release notes)
- nvd.nist.gov/vuln/detail/CVE-2026-47103 (NVD entry)