1. Home
  2. Vulnerabilities
  3. CVE-2026-39987
Known Exploited Vulnerability
9.8
CRITICAL CVSS 3.1
CVE-2026-39987
Marimo Remote Code Execution Vulnerability - [Actively Exploited]
Overview
Description

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

Details
INFO

Published Date :

April 9, 2026, 6:17 p.m.

Last Modified :

April 23, 2026, 8:15 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known Ransomware Campaign Use:

Unknown

Notes :

https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc ; https://nvd.nist.gov/vuln/detail/CVE-2026-39987

Impact
Affected Products

The following products are affected by CVE-2026-39987 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Coreweave marimo
: Total Affected Vendor : 1 | Products : 1
Scoring
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL [email protected]
CVSS 4.0 CRITICAL [email protected]
Solution
Update Marimo to version 0.23.0 or later to fix authentication bypass.
  • Update Marimo to version 0.23.0 or later.
  • Verify authentication checks on WebSocket endpoints.
  • Monitor for further security updates.
Public PoC/Exploit Available at Github

CVE-2026-39987 has a 18 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-39987.

URL Resource
https://github.com/marimo-team/marimo/commit/c24d4806398f30be6b12acd6c60d1d7c68cfd12a Patch
https://github.com/marimo-team/marimo/pull/9098 Issue Tracking Patch
https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc Exploit Mitigation Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-39987 US Government Resource
https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hours Exploit Third Party Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-39987 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-39987 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
0xdeadroot/CVE-2026-39987-marimo-rce

CVE-2026-39987

Python Dockerfile

Updated: 4 days, 21 hours ago
0 stars 0 fork 0 watcher
Born at : May 16, 2026, 1:10 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
rootdirective-sec/CVE-2026-39987-Lab

None

Dockerfile Python

Updated: 2 weeks, 2 days ago
0 stars 0 fork 0 watcher
Born at : May 4, 2026, 10:54 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
Dhiaelhak-Rached/CVE-2026-39987-lab-or-marimo-cve-lab

None

Python

Updated: 3 weeks, 3 days ago
0 stars 0 fork 0 watcher
Born at : April 26, 2026, 5:54 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
h3raklez/CVE-2026-39987

Marimo Pre-Auth RCE

Updated: 3 weeks, 4 days ago
0 stars 0 fork 0 watcher
Born at : April 25, 2026, 4:50 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
jameskermode/marimo-jax-onnx-demo

Minimal demo: JAX-trained MLP exported to ONNX, run in the browser from a Marimo WASM notebook via onnxruntime-web

Python

Updated: 3 weeks, 6 days ago
0 stars 0 fork 0 watcher
Born at : April 23, 2026, 6:56 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
baba-yu/news

None

Updated: 3 weeks, 4 days ago
0 stars 0 fork 0 watcher
Born at : April 22, 2026, 8:40 p.m. This repo has been linked 6 different CVEs too.
Profile Photo
YurilLAB/WEWAF

None

Go HTML JavaScript CSS TypeScript

Updated: 3 weeks, 3 days ago
1 stars 0 fork 0 watcher
Born at : April 21, 2026, 4:10 p.m. This repo has been linked 31 different CVEs too.
Profile Photo
Nxploited/CVE-2026-39987

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability

Python

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : April 18, 2026, 7:46 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
keraattin/CVE-2026-39987

CVE-2026-39987: Marimo Python Notebook Pre-Auth RCE (CVSS 9.3). Python & Nmap NSE detection scripts. Missing authentication on /terminal/ws WebSocket endpoint gives attackers a full PTY shell without any credentials. Exploited in the wild within 10 hours of disclosure. Fixed in Marimo 0.23.0.

cybersecurity marimo nmap-scripts nse-scripts python-notebook remote-code-execution vulnerability-detection websocket cve-2026-39987 pre-auth-rce

Python Lua

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : April 15, 2026, 8:09 a.m. This repo has been linked 3 different CVEs too.
Profile Photo
mki9/CVE-2026-39987_exploit

None

Python HTML

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : April 13, 2026, 11:34 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
fevar54/marimo_CVE-2026-39987_RCE_PoC

CVE-2026-39987 - Marimo < 0.23.0 Pre-Auth RCE (WebSocket) PoC de explotación - Conecta a /terminal/ws sin autenticación Author: Fevar54 Date: 2026-04-13 Severity: CRITICAL CVSS: 9.3

Python

Updated: 1 month, 1 week ago
0 stars 0 fork 0 watcher
Born at : April 13, 2026, 6:06 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
0xBlackash/CVE-2026-39987

CVE-2026-39987

Python

Updated: 1 month, 1 week ago
0 stars 1 fork 1 watcher
Born at : April 12, 2026, 9:12 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
webpro255/awesome-ai-agent-attacks

A curated timeline of real AI agent security incidents, breaches, and vulnerabilities (2024-2026). Every entry sourced and dated.

ai-agent-security ai-agents ai-security awesome-list cybersecurity llm-security mcp-security prompt-injection supply-chain-security adversarial-attacks agent-security agentic-ai ai-attacks ai-safety cve incident-response owasp red-team security-research vulnerability

Updated: 3 weeks, 6 days ago
7 stars 1 fork 1 watcher
Born at : April 7, 2026, 2:19 p.m. This repo has been linked 55 different CVEs too.
Profile Photo
myseq/tracker

Security Tracker

Python

Updated: 3 weeks, 5 days ago
0 stars 0 fork 0 watcher
Born at : April 3, 2026, 11 a.m. This repo has been linked 10 different CVEs too.
Profile Photo
CryptoGenNepal/CVE-KEV-RSS

CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild and CryptoGen Nepal aims to simplify this for the general public in a more understandable way as well as in a format that can be easily integrated into their threat intelligence systems.

cve json rss cgn cisa kev

Python HTML

Updated: 3 weeks, 5 days ago
8 stars 4 fork 4 watcher
Born at : Feb. 16, 2025, 5:21 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-39987 vulnerability anywhere in the article.

  • CybersecurityNews
Critical Marimo Security Vulnerability Enables Remote Code Execution Attacks

A critical security vulnerability in the Marimo Python notebook framework is being actively exploited to achieve pre-authentication remote code execution (RCE), allowing attackers to gain full control ... Read more

Published Date: May 19, 2026 (1 day, 12 hours ago)
  • The Hacker News
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories

Bad week.Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels ... Read more

Published Date: May 07, 2026 (1 week, 6 days ago)
  • CybersecurityNews
Hackers Target TP-Link Routers With Mirai Malware in CVE-2023-33538 Exploitation Attempts

A known security flaw in several end-of-life TP-Link Wi-Fi routers is being actively targeted by hackers trying to install Mirai-based botnet malware on vulnerable devices. The vulnerability, tracked ... Read more

Published Date: Apr 17, 2026 (1 month ago)
  • CybersecurityNews
Attackers Weaponize CVE-2026-39987 to Spread Blockchain-Based Backdoor Via Hugging Face

A critical vulnerability in the marimo Python notebook platform is now being actively used by attackers to deploy a blockchain-powered backdoor on developer systems. The flaw, tracked as CVE-2026-3998 ... Read more

Published Date: Apr 17, 2026 (1 month ago)
  • CybersecurityNews
Marimo RCE Vulnerability Exploited in the Within 10 Hours of Disclosure

A critical vulnerability was disclosed in Marimo, an open-source reactive Python notebook platform. Less than 10 hours later, attackers successfully weaponized the flaw to steal sensitive cloud creden ... Read more

Published Date: Apr 13, 2026 (1 month, 1 week ago)
  • The Hacker News
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-s ... Read more

Published Date: Apr 13, 2026 (1 month, 1 week ago)
  • Daily CyberSecurity
LiteLLM Under Fire: Triple Threat Vulnerabilities Expose AI Gateways to Total Takeover

LiteLLM, the popular open-source library used to provide a unified interface for over 100 Large Language Models (LLMs) like OpenAI and Anthropic, has been hit with a series of critical security disclo ... Read more

Published Date: Apr 13, 2026 (1 month, 1 week ago)
  • Daily CyberSecurity
Under 10 Hours: The marimo Terminal RCE Exploited in a Record-Breaking AI Sprint

A critical flaw in marimo, a popular reactive Python notebook platform, has become the latest case study in how modern threat actors are weaponizing advisories with unprecedented speed. The vulnerabil ... Read more

Published Date: Apr 13, 2026 (1 month, 1 week ago)
  • Daily CyberSecurity
Total CMS Takeover: Movable Type Patches Critical 9.8 CVSS Perl RCE

Six Apart Ltd. has issued an urgent security advisory for Movable Type, a long-standing content management system used by enterprises worldwide. The report details two severe vulnerabilities within th ... Read more

Published Date: Apr 13, 2026 (1 month, 1 week ago)
  • Daily CyberSecurity
The CVE Watchtower: Weekly Threat Intelligence Briefing (April 6 – April 12, 2026)

Welcome to this week’s vulnerability digest. As we close out the first full week of April, security teams are faced with a challenging landscape of critical zero-days, active exploitations, and severe ... Read more

Published Date: Apr 13, 2026 (1 month, 1 week ago)
  • The Hacker News
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. T ... Read more

Published Date: Apr 10, 2026 (1 month, 1 week ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-39987 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Apr. 23, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CPE Configuration OR *cpe:2.3:a:coreweave:marimo:*:*:*:*:*:python:*:* versions up to (excluding) 0.23.0
    Added Reference Type GitHub, Inc.: https://github.com/marimo-team/marimo/commit/c24d4806398f30be6b12acd6c60d1d7c68cfd12a Types: Patch
    Added Reference Type GitHub, Inc.: https://github.com/marimo-team/marimo/pull/9098 Types: Issue Tracking, Patch
    Added Reference Type GitHub, Inc.: https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc Types: Exploit, Mitigation, Vendor Advisory
    Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-39987 Types: US Government Resource
    Added Reference Type CISA-ADP: https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hours Types: Exploit, Third Party Advisory
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Apr. 23, 2026

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-39987
    Removed Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-39987
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Apr. 23, 2026

    Action Type Old Value New Value
    Added Date Added 2026-04-23
    Added Due Date 2026-05-07
    Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name Marimo Remote Code Execution Vulnerability
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Apr. 23, 2026

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-39987
    Added Reference https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hours
  • New CVE Received by [email protected]

    Apr. 09, 2026

    Action Type Old Value New Value
    Added Description marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CWE CWE-306
    Added Reference https://github.com/marimo-team/marimo/commit/c24d4806398f30be6b12acd6c60d1d7c68cfd12a
    Added Reference https://github.com/marimo-team/marimo/pull/9098
    Added Reference https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
Base CVSS Score: 9.3
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact