Critical Marimo RCE Exploited Within 10 Hours of Disclosure
Key Takeaways A critical pre-authentication Remote Code Execution (RCE) vulnerability in Marimo, an open-source Python notebook platform, was exploited within 10 hours of public disclosure. The flaw,...
Key Takeaways
- A critical pre-authentication Remote Code Execution (RCE) vulnerability in Marimo, an open-source Python notebook platform, was exploited within 10 hours of public disclosure.
- The flaw, CVE-2026-39987 (CVSS v4.0 score: 9.3), allowed unauthenticated attackers to gain an interactive shell and steal cloud credentials.
- Affected Marimo versions include 0.20.4 and earlier; immediate patching to version 0.23.0 or later is crucial.
- The rapid exploitation highlights sophisticated threat actors’ ability to weaponize new vulnerabilities quickly, even for niche software.
Rapid Exploitation of Critical Marimo RCE Underscores Threat Actor Agility
A severe vulnerability impacting Marimo, a popular open-source reactive Python notebook platform, was recently disclosed and subsequently exploited by threat actors in under ten hours. This rapid weaponization led to the theft of sensitive cloud credentials, showcasing the aggressive pace at which modern cyber adversaries operate following public vulnerability disclosures.
Table Of Content
The security flaw, officially designated as CVE-2026-39987 (formerly GHSA-2679-6mx9-h9xc), carries a critical CVSS v4.0 score of 9.3. It is categorized as a pre-authentication Remote Code Execution (RCE) vulnerability, specifically targeting the /terminal/ws WebSocket endpoint within the Marimo application.
Technical Details of the Vulnerability
The core issue stems from an authentication bypass: unlike other WebSocket endpoints in Marimo that correctly invoke the validate_auth() function, the /terminal/ws path entirely omits this crucial security check. This oversight permits any unauthenticated attacker to establish a single WebSocket connection and immediately gain a fully interactive pseudo-terminal (PTY) shell.
Because this shell operates with the same privileges as the Marimo process itself, attackers can execute arbitrary system commands and conduct reconnaissance on the underlying host without needing to craft complex exploit payloads. This direct access significantly lowers the bar for exploitation.
From Disclosure to Compromise: A Timeline
Remarkably, at the time of the attack, no public proof-of-concept (PoC) code was available. The threat actor demonstrated advanced capabilities by manually constructing a functional exploit directly from the technical details provided in the vulnerability advisory. During the intrusion, the attacker initially ran a structured validation script before proceeding with manual reconnaissance activities.
According to analysis by the Sysdig Threat Research Team, the initial exploitation attempt occurred just 9 hours and 41 minutes after the advisory was made public. Within a mere three minutes of achieving access, the attacker successfully located and exfiltrated the .env file, which contained critical AWS access keys and other application secrets.
This incident serves as a stark reminder that threat actors actively monitor new vulnerability disclosures, even for niche software like Marimo, which has approximately 20,000 GitHub stars. All Marimo versions up to and including 0.20.4 are affected by this critical flaw.
Indicator of Compromise
The source IP identified in exploiting the WebSocket terminal and stealing credentials is 49.207.56[.]74.
What You Should Do
- Immediate Patching: Update Marimo installations to patched version 0.23.0 or later without delay.
- Network Access Restriction: If immediate patching is not feasible, restrict external network access to the
/terminal/wsendpoint as an interim mitigation. - Audit Exposed Instances: Conduct a thorough audit of environment variables and
.envfiles on any Marimo instances that may have been previously exposed. - Credential Rotation: Promptly rotate all potentially compromised AWS credentials, API keys, database passwords, and SSH keys.
- Implement Authentication Layer: Implement an authentication layer or a reverse proxy in front of notebook platforms before exposing them to the internet.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.