Critical RCE Vulnerability in Marimo Exploited Within 10 Hours of Disclosure
Severity: High (Score: 72.8)
Sources: Hivepro, webflow.sysdig.com
Summary
On April 8, 2026, a critical pre-authenticated remote code execution vulnerability (CVE-2026-39987) was disclosed in Marimo, an open-source Python notebook platform. The flaw allows unauthenticated attackers to gain a full interactive shell via the /terminal/ws WebSocket endpoint. Exploitation was observed within 9 hours and 41 minutes of the advisory's publication, with attackers executing credential theft operations shortly after. The vulnerability affects all Marimo versions prior to 0.23.0 and has a CVSS score of 9.3.

Researchers noted that no public proof-of-concept code existed at the time of the attack, indicating that attackers were able to construct exploits directly from the advisory's technical details. The attack pattern suggests professional threat actor involvement, focusing on credential harvesting rather than deploying malware. Organizations using Marimo are urged to implement emergency remediation to mitigate risks associated with this vulnerability.

Key Points:
- CVE-2026-39987 allows unauthenticated RCE on Marimo instances via WebSocket.
- Exploitation occurred within 9 hours and 41 minutes of the vulnerability disclosure.
- Attackers focused on credential theft, highlighting the need for immediate remediation.
Detailed Analysis
**Impact**

Marimo users, primarily in data science, research, and interactive coding workflows, are affected globally. Approximately 20,000 GitHub stars indicate a moderate but active user base. The vulnerability allows attackers to steal sensitive credentials, including API keys for Large Language Models (OpenAI, Anthropic, Cohere) and cloud service credentials for AWS, GCP, and Azure, risking broader infrastructure compromise and operational disruption. No specific sector or geographic concentration was reported.

**Technical Details**

CVE-2026-39987 is a critical (CVSS 9.3) pre-authentication remote code execution vulnerability in Marimo versions ≤0.20.4, exploiting the unauthenticated /terminal/ws WebSocket endpoint. Attackers gain a full PTY shell via a single WebSocket connection without credentials. Exploitation was observed within 9 hours and 41 minutes post-disclosure, with no public proof-of-concept available at the time. The attacker conducted manual reconnaissance and credential exfiltration over multiple sessions from IP 49.207.56.74. The vulnerability results from inconsistent authentication enforcement across WebSocket endpoints.

**Recommended Response**

Immediately upgrade Marimo to version 0.23.0 or later, which enforces authentication on /terminal/ws. Rotate all potentially exposed credentials, including API keys and cloud service secrets, regardless of confirmed compromise. Monitor for any external connections to /terminal/ws as a high-confidence indicator of compromise. Deploy detections for unusual WebSocket activity and isolate affected instances; no specific malware or persistence mechanisms were reported.
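The monitoring step above, as an added example that is not part of either source article: a small detector that scans constructed reverse-proxy access log lines (combined format, proxy assumed to sit in front of Marimo) and flags WebSocket upgrades to /terminal/ws whose client address is outside loopback and RFC 1918 space. The sample log lines and the 203.0.113.x client address are constructed for the example.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed combined-format access log lines from a reverse proxy in front of Marimo.
# Status 101 means the WebSocket upgrade succeeded, i.e. the client got the PTY shell.
SAMPLE_LOG = """\
127.0.0.1 - - [09/Apr/2026:03:12:01 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "Mozilla/5.0"
10.0.4.7 - - [09/Apr/2026:03:12:05 +0000] "GET /ws?session_id=abc HTTP/1.1" 101 0 "-" "Mozilla/5.0"
203.0.113.25 - - [09/Apr/2026:03:40:22 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "python-websockets/12.0"
203.0.113.25 - - [09/Apr/2026:03:41:10 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "python-websockets/12.0"
198.51.100.9 - - [09/Apr/2026:04:02:48 +0000] "GET / HTTP/1.1" 200 5120 "-" "curl/8.4.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Address ranges treated as internal (assumption: adjust to your own network layout).
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7")
]


def is_external(ip: str) -> bool:
    """True when the client address lies outside every INTERNAL_NETS range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def find_terminal_ws_hits(log_text: str) -> List[Dict[str, str]]:
    """Return one record per request to /terminal/ws from an external client.

    Each record keeps the timestamp, user agent and whether the upgrade
    completed (HTTP 101), which is the high-confidence compromise indicator.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group("path").split("?", 1)[0]  # drop any query string
        if path != "/terminal/ws" or not is_external(m.group("ip")):
            continue
        hits.append({"ip": m.group("ip"), "ts": m.group("ts"), "ua": m.group("ua"),
                     "upgraded": m.group("status") == "101"})
    return hits
```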
Source articles (2)
- From Advisory to Attack in Under 10 Hours: Marimo's Critical RCE Flaw — Hivepro · 2026-06-09
  CVE-2026-39987 represents a critical pre-authenticated remote code execution vulnerability affecting Marimo, an open-source reactive Python notebook platform widely used for data science, analysis, an…
- Marimo Oss Python Notebook Rce From Disclosure To Exploitation In Under 10 Hours — webflow.sysdig.com · 2026-06-09
  On April 8, 2026, a critical vulnerability was disclosed in marimo, an open-source reactive Python notebook platform. Tracked as CVE-2026-39987, it is a pre-authentication remote code execution (RCE…
Timeline
- 2026-03-20 — CVE-2026-33017 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
- 2026-04-08 — CVE-2026-39987 disclosed: A critical RCE vulnerability in Marimo was publicly disclosed, affecting all versions prior to 0.23.0.
- 2026-04-09 — First exploitation attempt observed: Within 9 hours and 41 minutes of the advisory, the first exploitation attempt was detected by Sysdig TRT.
- 2026-04-13 — First public PoC released: The first public proof-of-concept code for CVE-2026-39987 was made available, aiding defenders.
- 2026-04-23 — CVE-2026-39987 added to CISA KEV: CISA included CVE-2026-39987 in its Known Exploited Vulnerabilities catalog due to active exploitation.
Related entities
- Zero-day Exploit (Attack Type)
- CWE-200 - Exposure of Sensitive Information (CWE)
- CWE-287 - Improper Authentication (CWE)
- 49.207.56.74 (IPv4)
- T1003 - OS Credential Dumping (MITRE ATT&CK)
- T1041 - Exfiltration Over C2 Channel (MITRE ATT&CK)
- T1059 - Command and Scripting Interpreter (MITRE ATT&CK)
- T1190 - Exploit Public-Facing Application (MITRE ATT&CK)
- GitHub (Platform)
- Marimo (Platform)
- N8n (Platform)
- Langflow (Company)