Critical Marimo Vulnerability CVE-2026-39987 Under Active Attack

By /
marimo

A critical vulnerability in Marimo, an open-source Python notebook widely used for data science and analysis, is already being actively exploited. Security researchers have revealed that attackers began targeting the flaw within just 10 hours of its public disclosure highlighting how quickly cybercriminals move in today’s threat landscape.

This incident revolves around CVE-2026-39987, a severe remote code execution (RCE) vulnerability with a CVSS score of 9.3. The flaw affects all versions of Marimo up to and including version 0.20.4. Developers have since released a fix in version 0.23.0, urging users to upgrade immediately.

The vulnerability exists in Marimo’s WebSocket implementation, specifically in the /terminal/ws endpoint. Unlike other endpoints, this one fails to properly validate user authentication before allowing access.

In simple terms, this means:

  • An attacker does not need login credentials
  • They can directly connect to the vulnerable endpoint
  • They can gain full terminal access (PTY shell)
  • They can execute arbitrary system commands remotely

This flaw is particularly dangerous because it allows pre-authentication remote code execution, one of the most critical types of vulnerabilities in cybersecurity.

While other endpoints in Marimo correctly enforce authentication checks, the /terminal/ws endpoint only verifies whether the system supports terminal access. It completely skips verifying the identity of the user, leaving systems exposed to anyone on the internet.

According to findings by Sysdig, attackers began exploiting the vulnerability within just 9 hours and 41 minutes after it was publicly disclosed.

Even more concerning is the fact that:

  • No public proof-of-concept (PoC) exploit was available at the time
  • The attacker built their own exploit using only the advisory details
  • The attack was carried out manually, indicating a skilled human operator

This shows a clear shift in attacker behavior. Threat actors are no longer waiting for ready-made exploit code they are capable of quickly reverse-engineering vulnerabilities and launching attacks almost immediately.

Security researchers observed the attack using a honeypot system designed to mimic a vulnerable Marimo instance.

Here’s how the attack unfolded:

The attacker connected to the /terminal/ws endpoint and gained unauthorized shell access without any credentials.

They began exploring the system manually, checking directories and identifying valuable files.

Within minutes, the attacker attempted to extract sensitive information, including:

  • .env files (commonly used to store secrets like API keys and credentials)
  • SSH keys
  • Other configuration and system files

The attacker returned multiple times over a 90-minute window:

  • Conducted further checks
  • Verified if other attackers had accessed the system
  • Looked for additional data

Interestingly, no malware, cryptominers, or backdoors were deployed. This suggests the attack was focused on data theft and reconnaissance, rather than persistence or system takeover.

vulnerability

The CVE-2026-39987 flaw is especially dangerous for several reasons:

  • No authentication required
  • Full system access granted
  • Easy to exploit with minimal information
  • Targets internet-exposed applications

Any exposed Marimo instance becomes an immediate target once the vulnerability is disclosed.

This incident reinforces several important lessons for security teams, especially those managing cloud and development environments:

Attackers are monitoring vulnerability disclosures in real time and acting within hours not days or weeks.

Even less widely known tools like Marimo can become high-value targets if they expose critical vulnerabilities.

Delays in applying patches create a dangerous window of exposure. Organizations must prioritize rapid updates for critical vulnerabilities.

Files like .env often contain secrets. If compromised, they can lead to broader system access, API abuse, and data breaches.

If you are using Marimo in your environment, take the following actions immediately:

  • Upgrade to version 0.23.0 or later
  • Restrict access to internal tools using firewalls or VPNs
  • Avoid exposing development environments directly to the internet
  • Store sensitive credentials securely (use vaults instead of .env files where possible)
  • Monitor logs for unusual WebSocket activity

The rapid exploitation of CVE-2026-39987 highlights a harsh reality: the time between vulnerability disclosure and active attacks is shrinking fast.

Organizations can no longer assume they have days to respond. In many cases, the window is now just a few hours.

As this incident shows, any internet-facing application, regardless of popularity can become a target. Proactive security measures, faster patching, and continuous monitoring are no longer optional—they are essential.

Follow us on Twitter and Linkedin for real time updates and exclusive content.

Interesting Article : CVE-2026-34040, Docker Vulnerability Threatens Cloud and Kubernetes Security

Scroll to Top