PatchSiren

fgmacedo CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL fgmacedo CVE published 2026-06-17

CVE-2026-47103

CVE-2026-47103 is a remote code execution vulnerability in Python StateMachine versions 3.0.0 before 3.2.0. The vulnerability allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted <data expr=...> attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings through a call chain ending in Python's built-in eval() without sandb [truncated]