Hackers News Hackers News
Marimo RCE Vulnerability Exploited Within Just 10 Hours

Marcus Rodriguez
April 13, 2026

A critical vulnerability affecting Marimo, an open-source reactive Python notebook platform, was recently disclosed. Within just 10 hours, attackers had already weaponized this flaw, successfully stealing sensitive cloud credentials and underscoring the rapid pace of modern threat actor exploitation.

The security flaw is formally tracked as CVE-2026-39987 (formerly GHSA-2679-6mx9-h9xc) and carries a Critical CVSS v4.0 score of 9.3.

It is a pre-authentication Remote Code Execution (RCE) vulnerability that specifically affects the /terminal/ws WebSocket endpoint of the Marimo application.

Unlike other WebSocket endpoints that correctly enforce authentication by calling validate_auth(), the /terminal/ws path completely skips this validation.

Marimo RCE Vulnerability Exploited

This oversight allows any unauthenticated attacker to establish a single WebSocket connection and instantly receive a full interactive pseudo-terminal (PTY) shell.

Because the shell runs with the privileges of the Marimo process, attackers can execute arbitrary system commands and explore the underlying host without crafting complex payloads.
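The missing check described above, sketched as an added example (not Marimo's source code): it contrasts per-handler opt-in authentication with a dispatcher that authenticates before any handler runs, and includes a regression check listing routes that accept a connection with no token. The route table, handler names, token and the `/notebook/ws` path are hypothetical; only `/terminal/ws` and `validate_auth()` come from the report.

```python
# Added illustration: hypothetical route table and handlers, not Marimo source.
import hmac

TOKEN = "constructed-sample-token"  # constructed value for the demo


class Unauthorized(Exception):
    pass


def validate_auth(conn):
    """Reject the connection unless it carries the expected token."""
    if not hmac.compare_digest(conn.get("token") or "", TOKEN):
        raise Unauthorized(conn["path"])


def notebook_ws(conn):
    validate_auth(conn)  # opt-in pattern: each handler must remember this call
    return "notebook session"


def terminal_ws(conn):
    # No validate_auth() call, so the handshake succeeds for anyone.
    return "pty shell"


ROUTES = {"/notebook/ws": notebook_ws, "/terminal/ws": terminal_ws}


def dispatch_opt_in(conn):
    """Flawed design: authentication is left to the individual handler."""
    return ROUTES[conn["path"]](conn)


def dispatch_enforced(conn):
    """Hardened design: authenticate before any handler runs."""
    validate_auth(conn)
    return ROUTES[conn["path"]](conn)


def unauthenticated_routes(dispatch):
    """Regression check: list routes that accept a connection with no token."""
    exposed = []
    for path in ROUTES:
        try:
            dispatch({"path": path, "token": None})
            exposed.append(path)
        except Unauthorized:
            pass
    return exposed
```

Running `unauthenticated_routes()` against every registered WebSocket route in CI turns a forgotten auth call into a failing test rather than an exposed shell.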

At the time of the attack, no public proof-of-concept (PoC) code was available. The attacker manually constructed a working exploit directly from the technical details provided in the advisory.

During the intrusion, the attacker executed a structured validation script before transitioning to manual reconnaissance.

According to the Sysdig Threat Research Team, the first exploitation attempt occurred just 9 hours and 41 minutes after the advisory was published.

Within three minutes of gaining access, the threat actor successfully located and exfiltrated the .env file containing critical AWS access keys and application secrets.

This incident shows that threat actors monitor advisories to target even niche software like Marimo (~20,000 GitHub stars). Versions up to and including 0.20.4 are affected.

Security teams should immediately apply the following actions to secure their environments:

  • Update Marimo installations to the patched version 0.23.0 or later.
  • Restrict external network access to the /terminal/ws endpoint if immediate patching is impossible.
  • Audit environment variables and .env files on any previously exposed Marimo instances.
  • Rotate all potentially compromised AWS credentials, API keys, database passwords, and SSH keys.
  • Implement an authentication layer or reverse proxy before exposing notebook platforms to the internet.

Indicator of Compromise: 49.207.56[.]74 was identified as the source IP that exploited the WebSocket terminal and stole credentials.
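To support the audit of previously exposed instances, the following added example (not from Sysdig or the Marimo project) scans reverse-proxy access logs for requests to /terminal/ws from untrusted sources and marks completed WebSocket upgrades and matches on the IoC above. The "combined" log format, the trusted network ranges and the sample log lines are assumptions constructed for the demonstration.

```python
import ipaddress
import re

# Page IoC, stored defanged as published and refanged only for comparison.
IOC_IP = "49.207.56[.]74".replace("[.]", ".")
# Assumption: networks allowed to reach the notebook terminal; adjust per site.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]
# Prefix of the "combined" access-log format: ip - user [time] "request" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_terminal_ws_hits(lines):
    """Return a finding for each /terminal/ws request from an untrusted source."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        if m["path"].split("?", 1)[0].rstrip("/") != "/terminal/ws":
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field is not an IP literal
        if any(ip in net for net in TRUSTED_NETS):
            continue
        findings.append({
            "ip": str(ip),
            "time": m["ts"],
            # 101 Switching Protocols: the WebSocket handshake completed.
            "upgraded": m["status"] == "101",
            "ioc_match": str(ip) == IOC_IP,
        })
    return findings


# Constructed sample lines; timestamps and 203.0.113.9 are made up.
SAMPLE_LOG = [
    '10.1.2.3 - - [01/Jan/2026:08:00:01 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "-"',
    IOC_IP + ' - - [01/Jan/2026:08:05:00 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "-"',
    '203.0.113.9 - - [01/Jan/2026:08:06:00 +0000] "GET /terminal/ws?x=1 HTTP/1.1" 403 0 "-" "-"',
    '203.0.113.9 - - [01/Jan/2026:08:07:00 +0000] "GET / HTTP/1.1" 200 512 "-" "-"',
]
```

Any finding with `upgraded` set on an instance running 0.20.4 or earlier should be treated as a shell session, which makes credential rotation for that host mandatory rather than precautionary.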
