CVE-2026-39987
Marimo Remote Code Execution Vulnerability - [Actively Exploited]
Description
marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
INFO
Published Date: April 9, 2026, 6:17 p.m.
Last Modified: April 23, 2026, 8:15 p.m.
Remotely Exploitable: Yes
Source: [email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders, and to help every organization better manage vulnerabilities and keep pace with threat activity, CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Vulnerability Name: Marimo Remote Code Execution Vulnerability
Description: Marimo contains a pre-authorization remote code execution vulnerability, allowing an unauthenticated attacker to gain shell access and execute arbitrary system commands.
Date Added: 2026-04-23
Due Date: 2026-05-07
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known Ransomware Campaign Use: Unknown
Notes: https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc ; https://nvd.nist.gov/vuln/detail/CVE-2026-39987
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| 9.8 | CVSS 3.1 | CRITICAL | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | [email protected] |
| 9.3 | CVSS 4.0 | CRITICAL | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | n/a | n/a | [email protected] |
Solution
- Update Marimo to version 0.23.0 or later (fix commit c24d4806398f30be6b12acd6c60d1d7c68cfd12a, PR #9098).
- Until patched, do not expose the marimo server to untrusted networks: the flaw is reachable by anyone who can open a WebSocket to /terminal/ws, regardless of the authentication that protects /ws.
- Verify that every WebSocket endpoint, not only /ws, enforces authentication before accepting the upgrade.
- Monitor for further security updates.
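The following is an added example, not marimo's own code, that reproduces the shape of the flaw described above and the check the third solution item calls for. The mock server is a constructed stand-in: its `/ws` route runs an auth guard before completing the WebSocket upgrade, while its unpatched `/terminal/ws` route only runs a "running mode" guard, mirroring the description. The `x-auth-token` header, the token value, the 403 rejection, and the guard-list routing are all assumptions of the mock; a real marimo server's exact rejection response is not stated on this page, so the probe treats only an HTTP 101 handshake with no credentials as a positive finding.

```python
"""Probe WebSocket endpoints for a missing auth gate (added example; not marimo code)."""
import base64
import hashlib
import socket
import socketserver
import threading

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # RFC 6455 handshake GUID
SECRET_TOKEN = "s3cr3t-token"  # constructed; marimo's real token scheme is not modelled
TOKEN_HEADER = "x-auth-token"  # assumed header name, used by the mock only


def ws_accept(client_key: str) -> str:
    """Sec-WebSocket-Accept for a client key, per RFC 6455 section 4.2.2."""
    digest = hashlib.sha1((client_key + WS_GUID).encode()).digest()
    return base64.b64encode(digest).decode()


def validate_auth(headers: dict) -> bool:
    """Stand-in for the per-connection auth check that /ws performs."""
    return headers.get(TOKEN_HEADER) == SECRET_TOKEN


def running_mode_ok(headers: dict) -> bool:
    """Stand-in for the 'running mode and platform support' check; not an auth check."""
    return True


def make_routes(patched: bool) -> dict:
    """Path -> ordered guard list; every guard must return True for the upgrade to proceed."""
    routes = {"/ws": [validate_auth], "/terminal/ws": [running_mode_ok]}
    if patched:
        routes["/terminal/ws"].append(validate_auth)  # the fix: gate the terminal too
    return routes


class MockServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True
    routes: dict = {}


class UpgradeHandler(socketserver.StreamRequestHandler):
    """Parses one HTTP request and answers 101, 403 or 404 based on the route's guards."""

    def handle(self):
        request_line = self.rfile.readline().decode(errors="replace").strip()
        if not request_line:
            return
        _method, path, _version = request_line.split(" ", 2)
        headers = {}
        while (line := self.rfile.readline().decode(errors="replace").strip()):
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        guards = self.server.routes.get(path)
        if guards is None:
            self.wfile.write(b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n")
        elif all(guard(headers) for guard in guards):
            accept = ws_accept(headers.get("sec-websocket-key", ""))
            self.wfile.write(
                f"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
                f"Connection: Upgrade\r\nSec-WebSocket-Accept: {accept}\r\n\r\n".encode()
            )
        else:
            self.wfile.write(b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n")


def start_server(patched: bool) -> MockServer:
    """Start the mock on a free loopback port and return it (caller shuts it down)."""
    server = MockServer(("127.0.0.1", 0), UpgradeHandler)
    server.routes = make_routes(patched)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe(host: str, port: int, path: str, token: str = None, timeout: float = 3.0) -> int:
    """Attempt a WebSocket upgrade on `path`; return the HTTP status the server answers with."""
    key = base64.b64encode(b"0123456789abcdef").decode()  # any 16 bytes; fixed is fine for a probe
    lines = [
        f"GET {path} HTTP/1.1", f"Host: {host}:{port}", "Upgrade: websocket",
        "Connection: Upgrade", f"Sec-WebSocket-Key: {key}", "Sec-WebSocket-Version: 13",
    ]
    if token is not None:
        lines.append(f"{TOKEN_HEADER}: {token}")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(("\r\n".join(lines) + "\r\n\r\n").encode())
        status_line = sock.recv(1024).split(b"\r\n", 1)[0].decode(errors="replace")
    return int(status_line.split(" ", 2)[1])


def unauthenticated_endpoints(host: str, port: int, paths=("/ws", "/terminal/ws")) -> list:
    """Paths that complete the upgrade (101) when no credentials are presented at all."""
    return [path for path in paths if probe(host, port, path) == 101]


if __name__ == "__main__":
    for label, patched in (("unpatched", False), ("patched", True)):
        server = start_server(patched)
        host, port = server.server_address
        print(f"{label}: unauthenticated upgrade accepted on {unauthenticated_endpoints(host, port)}")
        server.shutdown()
        server.server_close()
```

Run stand-alone, the unpatched mock reports `/terminal/ws` and the patched mock reports nothing. Pointed at a real host, `probe()` only speaks the upgrade handshake and never sends a frame, so it does not open a PTY; it tells you whether the endpoint is willing to upgrade an anonymous client, which is the condition the advisory describes.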
Public PoC/Exploit Available at Github
CVE-2026-39987 has 15 public PoC/exploit repositories on GitHub.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-39987.
| URL | Resource |
|---|---|
| https://github.com/marimo-team/marimo/commit/c24d4806398f30be6b12acd6c60d1d7c68cfd12a | Patch |
| https://github.com/marimo-team/marimo/pull/9098 | Issue Tracking, Patch |
| https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc | Exploit, Mitigation, Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-39987 | US Government Resource |
| https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hours | Exploit, Third Party Advisory |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-39987 is associated with the following CWEs:
- CWE-306: Missing Authentication for Critical Function
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-39987 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts that have been published on GitHub (sorted by the most recently updated).
- (no description) | Languages: Python
- Marimo Pre-Auth RCE
- Minimal demo: JAX-trained MLP exported to ONNX, run in the browser from a Marimo WASM notebook via onnxruntime-web | Languages: Python
- (no description)
- (no description) | Languages: Go, HTML, JavaScript, CSS, TypeScript
- marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability | Languages: Python
- CVE-2026-39987: Marimo Python Notebook Pre-Auth RCE (CVSS 9.3). Python & Nmap NSE detection scripts. Missing authentication on /terminal/ws WebSocket endpoint gives attackers a full PTY shell without any credentials. Exploited in the wild within 10 hours of disclosure. Fixed in Marimo 0.23.0. | Topics: cybersecurity, marimo, nmap-scripts, nse-scripts, python-notebook, remote-code-execution, vulnerability-detection, websocket, cve-2026-39987, pre-auth-rce | Languages: Python, Lua
- (no description) | Languages: Python, HTML
- CVE-2026-39987 - Marimo < 0.23.0 Pre-Auth RCE (WebSocket) exploitation PoC. Connects to /terminal/ws without authentication. Author: Fevar54. Date: 2026-04-13. Severity: CRITICAL. CVSS: 9.3 | Languages: Python
- CVE-2026-39987 | Languages: Python
- A curated timeline of real AI agent security incidents, breaches, and vulnerabilities (2024-2026). Every entry sourced and dated. | Topics: ai-agent-security, ai-agents, ai-security, awesome-list, cybersecurity, llm-security, mcp-security, prompt-injection, supply-chain-security, adversarial-attacks, agent-security, agentic-ai, ai-attacks, ai-safety, cve, incident-response, owasp, red-team, security-research, vulnerability | Languages: Python
- Security Tracker | Languages: Python
- CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild, and CryptoGen Nepal aims to simplify this for the general public in a more understandable way, as well as in a format that can be easily integrated into their threat intelligence systems. | Topics: cve, json, rss, cgn, cisa, kev | Languages: Python, HTML
- (no description) | Languages: Python
- 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware. | Topics: security, cve, exploit, poc, vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is of news articles that mention CVE-2026-39987 anywhere in the article.
- Hackers Target TP-Link Routers With Mirai Malware in CVE-2023-33538 Exploitation Attempts (CybersecurityNews): A known security flaw in several end-of-life TP-Link Wi-Fi routers is being actively targeted by hackers trying to install Mirai-based botnet malware on vulnerable devices. The vulnerability, tracked ...
- Attackers Weaponize CVE-2026-39987 to Spread Blockchain-Based Backdoor Via Hugging Face (CybersecurityNews): A critical vulnerability in the marimo Python notebook platform is now being actively used by attackers to deploy a blockchain-powered backdoor on developer systems. The flaw, tracked as CVE-2026-3998 ...
- Marimo RCE Vulnerability Exploited in the Wild Within 10 Hours of Disclosure (CybersecurityNews): A critical vulnerability was disclosed in Marimo, an open-source reactive Python notebook platform. Less than 10 hours later, attackers successfully weaponized the flaw to steal sensitive cloud creden ...
- ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More (The Hacker News): Monday is back, and the weekend's backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-s ...
- LiteLLM Under Fire: Triple Threat Vulnerabilities Expose AI Gateways to Total Takeover (Daily CyberSecurity): LiteLLM, the popular open-source library used to provide a unified interface for over 100 Large Language Models (LLMs) like OpenAI and Anthropic, has been hit with a series of critical security disclo ...
- Under 10 Hours: The marimo Terminal RCE Exploited in a Record-Breaking AI Sprint (Daily CyberSecurity): A critical flaw in marimo, a popular reactive Python notebook platform, has become the latest case study in how modern threat actors are weaponizing advisories with unprecedented speed. The vulnerabil ...
- Total CMS Takeover: Movable Type Patches Critical 9.8 CVSS Perl RCE (Daily CyberSecurity): Six Apart Ltd. has issued an urgent security advisory for Movable Type, a long-standing content management system used by enterprises worldwide. The report details two severe vulnerabilities within th ...
- The CVE Watchtower: Weekly Threat Intelligence Briefing (April 6 – April 12, 2026) (Daily CyberSecurity): Welcome to this week's vulnerability digest. As we close out the first full week of April, security teams are faced with a challenging landscape of critical zero-days, active exploitations, and severe ...
- Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure (The Hacker News): A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. T ...
The following table lists the changes that have been made to the
CVE-2026-39987 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- Initial Analysis by [email protected] (Apr. 23, 2026)
  - Added CVSS V3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  - Added CPE Configuration: OR *cpe:2.3:a:coreweave:marimo:*:*:*:*:*:python:*:* versions up to (excluding) 0.23.0
  - Added Reference Type (GitHub, Inc.): https://github.com/marimo-team/marimo/commit/c24d4806398f30be6b12acd6c60d1d7c68cfd12a, Types: Patch
  - Added Reference Type (GitHub, Inc.): https://github.com/marimo-team/marimo/pull/9098, Types: Issue Tracking, Patch
  - Added Reference Type (GitHub, Inc.): https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc, Types: Exploit, Mitigation, Vendor Advisory
  - Added Reference Type (CISA-ADP): https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-39987, Types: US Government Resource
  - Added Reference Type (CISA-ADP): https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hours, Types: Exploit, Third Party Advisory
- CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Apr. 23, 2026)
  - Added Reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-39987
  - Removed Reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-39987 (the mistyped 2025 URL added in the earlier entry below)
- CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725 (Apr. 23, 2026)
  - Added Date Added: 2026-04-23
  - Added Due Date: 2026-05-07
  - Added Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  - Added Vulnerability Name: Marimo Remote Code Execution Vulnerability
- CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Apr. 23, 2026)
  - Added Reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-39987
  - Added Reference: https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hours
- New CVE Received by [email protected] (Apr. 09, 2026)
  - Added Description: marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
  - Added CVSS V4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  - Added CWE: CWE-306
  - Added Reference: https://github.com/marimo-team/marimo/commit/c24d4806398f30be6b12acd6c60d1d7c68cfd12a
  - Added Reference: https://github.com/marimo-team/marimo/pull/9098
  - Added Reference: https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc