{"vulnerability": "cve-2026-47103", "sightings": [{"uuid": "3defa3f3-0fa0-4aa5-9521-eaa91d3bae80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47103", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mokymjnfot2q", "content": "zero-day is actively exploited in the wild. Immediate patching and access control review recommended.\n[Source: @offseq@infosec.exchange](https://infosec.exchange/@offseq/116758965574886024)\n\n## 3. \ud83d\udea8 CRITICAL: CVE-2026-47103 \u2014 python-statemachine eval() RCE (CVSS 9.3)\nAn", "creation_timestamp": "2026-06-18T14:03:46.003340Z"}, {"uuid": "a793c67a-64f4-4d73-b0a6-8ca4dcb3910f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47103", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mok45esats25", "content": "the wild. Immediate patching and access control review recommended.\n[Source: @offseq@infosec.exchange](https://infosec.exchange/@offseq/116758965574886024)\n\n## 3. \ud83d\udea8 CRITICAL: CVE-2026-47103 \u2014 python-statemachine eval() RCE (CVSS 9.3)\nAn unsanitized `eval()` in SCXML processing lets attackers", "creation_timestamp": "2026-06-18T05:34:13.540101Z"}, {"uuid": "6359581d-f7b7-407c-88a8-eb59b9353d90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-47103", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3moimysp6w224", "content": "Critical RCE in fgmacedo python-statemachine (3.0.0 \u2013 <3.2.0)! Unsafe eval in SCXML allows code execution. Avoid untrusted SCXML, monitor for patches. Details: https://radar.offseq.com/threat/cve-2026-47103-improper-neutralization-of-directiv-73074fb6af41b907 #OffSeq #Python #Security", "creation_timestamp": "2026-06-17T15:30:34.617480Z"}, {"uuid": "b6303d6e-5782-4997-b472-f294ae25ced5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-47103", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3moiooixiwo2r", "content": "Critical RCE in python-statemachine (3.0.0 \u2013 <3.2.0): attacker-supplied SCXML can trigger unsanitized eval(). Avoid untrusted SCXML and watch for patch info: https://radar.offseq.com/threat/cve-2026-47103-improper-neutralization-of-directiv-73074fb6af41b907 #OffSeq #python #security", "creation_timestamp": "2026-06-17T16:00:40.565976Z"}, {"uuid": "24ff4db0-7efa-4ab8-a348-68d9d9f2ea76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47103", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moivs7gmrq27", "content": "CVE-2026-47103 - Python StateMachine 3.0.0\nCVE ID : CVE-2026-47103\n \n Published : June 17, 2026, 2:32 p.m. | 2\u00a0hours, 36\u00a0minutes ago\n \n Description : Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute...", "creation_timestamp": "2026-06-17T18:07:59.323651Z"}, {"uuid": "26490883-df7d-40e3-aa96-6fde93703e71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-47103", "type": "published-proof-of-concept", "source": "https://github.com/fgmacedo/python-statemachine/security/advisories/GHSA-v4jc-pm6r-3vj8", "content": "", "creation_timestamp": "2026-06-17T11:39:45.000000Z"}]}