CVE-2026-39987
Marimo Remote Code Execution Vulnerability - [Actively Exploited]
Description
marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
INFO
Published Date :
April 9, 2026, 6:17 p.m.
Last Modified :
April 23, 2026, 8:15 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Unknown
https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc ; https://nvd.nist.gov/vuln/detail/CVE-2026-39987
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | CRITICAL | [email protected] | ||||
| CVSS 4.0 | CRITICAL | [email protected] |
Solution
- Update Marimo to version 0.23.0 or later.
- Verify authentication checks on WebSocket endpoints.
- Monitor for further security updates.
Public PoC/Exploit Available at Github
CVE-2026-39987 has a 20 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-39987.
| URL | Resource |
|---|---|
| https://github.com/marimo-team/marimo/commit/c24d4806398f30be6b12acd6c60d1d7c68cfd12a | Patch |
| https://github.com/marimo-team/marimo/pull/9098 | Issue Tracking Patch |
| https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc | Exploit Mitigation Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-39987 | US Government Resource |
| https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hours | Exploit Third Party Advisory |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-39987 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-39987
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
AI-authored YARA + Snort/Suricata detection rules for current malware campaigns and vulnerabilities. Each rule ships with reproducible specimens, structurally-similar benign cases, and a test transcript.
Python YARA JavaScript HTML Batchfile
None
CVE-2026-39987 - Draft
None
Python
CVE-2026-39987 Exploitation Tool - Marimo < 0.23.0 Pre-Auth RCE (WebSocket)
Python
KQL Queries
CVE-2026-39987
Python Dockerfile
None
Dockerfile Python
None
Python
Marimo Pre-Auth RCE
Minimal demo: JAX-trained MLP exported to ONNX, run in the browser from a Marimo WASM notebook via onnxruntime-web
Python
None
Go HTML JavaScript CSS TypeScript
marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability
Python
CVE-2026-39987: Marimo Python Notebook Pre-Auth RCE (CVSS 9.3). Python & Nmap NSE detection scripts. Missing authentication on /terminal/ws WebSocket endpoint gives attackers a full PTY shell without any credentials. Exploited in the wild within 10 hours of disclosure. Fixed in Marimo 0.23.0.
cybersecurity marimo nmap-scripts nse-scripts python-notebook remote-code-execution vulnerability-detection websocket cve-2026-39987 pre-auth-rce
Python Lua
None
Python HTML
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-39987 vulnerability anywhere in the article.
-
The Hacker News
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The ac ... Read more
-
The Hacker News
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, gene ... Read more
-
The Hacker News
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS ... Read more
-
The Hacker News
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of ... Read more
-
The Hacker News
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026 ... Read more
-
The Hacker News
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protoco ... Read more
-
The Hacker News
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD ... Read more
-
The Hacker News
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnera ... Read more
-
The Hacker News
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available
Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out ... Read more
-
The Hacker News
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site com ... Read more
-
The Hacker News
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, a ... Read more
-
The Hacker News
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories
It got stupid again.The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. For ... Read more
-
The Hacker News
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited ... Read more
-
The Hacker News
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same ... Read more
-
The Hacker News
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI t ... Read more
-
The Hacker News
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the ... Read more
-
The Hacker News
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerabil ... Read more
-
The Hacker News
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible ... Read more
-
CybersecurityNews
Hackers Use LLM Agent to Move From Marimo RCE to Internal Database in Four Pivots
A new kind of cyberattack is changing how defenders must think about intrusion detection. On May 10, 2026, a threat actor used a large language model (LLM) agent to drive a full post-exploitation chai ... Read more
-
Proofpoint
More CVEs, Same Playbook: 2026 Vulnerability Exploitation in the Wild
Executive Summary The CVE Landscape Has Changed. The Threat Actors Haven't. Proofpoint's dual telemetry streams — targeted attack visibility covering hundreds of millions of messages daily, and a glob ... Read more
The following table lists the changes that have been made to the
CVE-2026-39987 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Apr. 23, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Added CPE Configuration OR *cpe:2.3:a:coreweave:marimo:*:*:*:*:*:python:*:* versions up to (excluding) 0.23.0 Added Reference Type GitHub, Inc.: https://github.com/marimo-team/marimo/commit/c24d4806398f30be6b12acd6c60d1d7c68cfd12a Types: Patch Added Reference Type GitHub, Inc.: https://github.com/marimo-team/marimo/pull/9098 Types: Issue Tracking, Patch Added Reference Type GitHub, Inc.: https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc Types: Exploit, Mitigation, Vendor Advisory Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-39987 Types: US Government Resource Added Reference Type CISA-ADP: https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hours Types: Exploit, Third Party Advisory -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Apr. 23, 2026
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-39987 Removed Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-39987 -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Apr. 23, 2026
Action Type Old Value New Value Added Date Added 2026-04-23 Added Due Date 2026-05-07 Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Added Vulnerability Name Marimo Remote Code Execution Vulnerability -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Apr. 23, 2026
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-39987 Added Reference https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hours -
New CVE Received by [email protected]
Apr. 09, 2026
Action Type Old Value New Value Added Description marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0. Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Added CWE CWE-306 Added Reference https://github.com/marimo-team/marimo/commit/c24d4806398f30be6b12acd6c60d1d7c68cfd12a Added Reference https://github.com/marimo-team/marimo/pull/9098 Added Reference https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc