Detect python-statemachine SCXML <data expr> Eval Injection (CVE-2026-47103) in Google Chronicle
CVE-2026-47103 is a critical eval injection vulnerability (CWE-95) in python-statemachine versions >= 3.0.0 and < 3.2.0. When processing SCXML documents, the library evaluates expressions in <data expr=...> elements using Python's eval(), allowing an attacker who can supply or influence SCXML input to execute arbitrary Python code in the context of the application process. A public PoC is available and exploitation requires no authentication when SCXML is parsed from user-controlled input. CVSS score 9.8.
MITRE ATT&CK
YARA-L Detection Query
rule cve_2026_47103_python_statemachine_eval_injection {
meta:
author = "df00tech Detection Engineering"
description = "Detects CVE-2026-47103: python-statemachine SCXML eval injection"
severity = "CRITICAL"
priority = "HIGH"
reference = "https://github.com/fgmacedo/python-statemachine/security/advisories/GHSA-v4jc-pm6r-3vj8"
version = "1.0"
events:
$e.metadata.event_type = "PROCESS_LAUNCH"
$e.principal.process.file.full_path = /python(3(\.[0-9]+)?)?(\.exe)?$/
(
$e.target.process.command_line = /statemachine/
or $e.target.process.command_line = /\.scxml/
or $e.target.process.command_line = /scxml/
)
(
$e.target.process.command_line = /eval\s*\(/
or $e.target.process.command_line = /exec\s*\(/
or $e.target.process.command_line = /__import__/
or $e.target.process.command_line = /subprocess/
or $e.target.process.command_line = /os\.system/
or $e.target.process.command_line = /base64\.b64decode/
)
$hostname = $e.principal.hostname
match:
$hostname over 5m
outcome:
$risk_score = max(if(
$e.target.process.command_line = /eval\s*\(/ or
$e.target.process.command_line = /__import__/, 95, 75
))
$command = array_distinct($e.target.process.command_line)
condition:
#e > 0
}Chronicle YARA-L 2.0 rule detecting python-statemachine SCXML eval injection exploitation. Matches Python process launches combining statemachine/SCXML references with dangerous code execution built-ins.
Data Sources
Required Tables
False Positives & Tuning
- Legitimate machine learning pipelines using python-statemachine for model training workflows with subprocess calls
- Internal tooling that combines SCXML state definitions with subprocess for job scheduling
- Developer workstations running statemachine-heavy applications with debugging eval statements enabled
- Automated document processing pipelines that create SCXML from templates and use exec for post-processing
Other platforms for CVE-2026-47103
Testing Methodology
Validate this detection against 3 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.
- Test 1Basic SCXML eval injection via python-statemachine
Expected signal: Process execution of python3 with statemachine and scxml in command line; file creation event for /tmp/cve_2026_47103_pwned by the python3 process; pip install of vulnerable package version
- Test 2SCXML eval injection with reverse shell payload
Expected signal: Python3 process spawning /bin/bash child process with -i flag; outbound TCP connection to 127.0.0.1:4444 (or attacker IP in real scenario) from the python3 process; subprocess.Popen call visible in process tree
- Test 3SCXML eval injection via web API endpoint (simulated)
Expected signal: Flask application process accepting HTTP POST with SCXML content-type; python3 process creating temp .scxml file; file creation event for /tmp/api_pwned; process-level evidence of __import__ string construction via chr() obfuscation
References (5)
- https://github.com/fgmacedo/python-statemachine/security/advisories/GHSA-v4jc-pm6r-3vj8
- https://nvd.nist.gov/vuln/detail/CVE-2026-47103
- https://github.com/fgmacedo/python-statemachine/releases/tag/v3.2.0
- https://www.vulncheck.com/advisories/python-statemachine-rce-via-scxml-eval-injection
- https://github.com/advisories/GHSA-v4jc-pm6r-3vj8
Unlock Pro Content
Get the full detection package for CVE-2026-47103 including response playbook, investigation guide, and atomic red team tests.