Vulnerabilities

CVE-2026-39987: Marimo Notebook RCE Flaw Exploited Within Hours of Disclosure

April 12, 2026 14:30 · 5 min read
CVE-2026-39987: Marimo Notebook RCE Flaw Exploited Within Hours of Disclosure

Critical Flaw in Popular Python Notebook Platform Exploited at Speed

Threat actors moved with remarkable speed to weaponize a critical security flaw in Marimo, an open-source reactive Python notebook platform, launching their first exploitation attempt just 10 hours after the vulnerability was publicly disclosed. The flaw, tracked as CVE-2026-39987, enables remote code execution without any authentication and affects Marimo versions 0.20.4 and earlier. GitHub assessed the vulnerability with a critical severity score of 9.3 out of 10.

The findings come from researchers at cloud-security firm Sysdig, who observed attackers constructing a working exploit directly from information contained in the developer's own advisory and immediately deploying it in live attacks designed to exfiltrate sensitive information.

What Is Marimo and Why Does It Matter?

Marimo is an open-source Python notebook environment widely used by data scientists, machine learning and AI practitioners, academic researchers, and developers building data-driven applications or dashboards. The project has earned considerable traction in the developer community, boasting 20,000 GitHub stars and 1,000 forks, making any critical vulnerability in the platform a significant concern for a broad user base.

The Root Cause: An Unguarded WebSocket Terminal

CVE-2026-39987 stems from the WebSocket endpoint /terminal/ws exposing a fully interactive terminal session without enforcing any authentication checks. Because the endpoint accepts connections from any unauthenticated client, an attacker who can reach it gains direct access to an interactive shell running with the same operating system privileges as the Marimo process itself.

The developers disclosed the flaw on April 8 and released the patched version 0.23.0 the following day, April 9. According to the Marimo team, the vulnerability specifically affects users who have deployed Marimo as an editable notebook and those who expose the service to a shared network by launching it with the --host 0.0.0.0 flag while running in edit mode.

Exploitation Timeline: From Disclosure to Attack in Under 10 Hours

Sysdig's telemetry painted a vivid picture of how rapidly the vulnerability was weaponized in practice:

How the Attack Unfolded Step by Step

Sysdig's analysis of the observed attack revealed a methodical, multi-stage operation:

Initial Validation

The attacker began by connecting to the /terminal/ws endpoint and executing a short scripted sequence to confirm that remote command execution was achievable, then disconnected within seconds once the vulnerability was validated.

Manual Reconnaissance

Shortly afterward, the same attacker reconnected and transitioned to a hands-on reconnaissance phase, issuing basic shell commands including pwd, whoami, and ls to map out the environment. This was followed by directory navigation attempts and checks for SSH-related file paths and locations.

Credential Harvesting

The attacker then pivoted to active credential theft. Their primary target was the .env file, from which they extracted environment variables containing cloud credentials and application secrets. Additional files in the working directory were also probed, and the attacker continued searching for SSH keys throughout this phase.

According to Sysdig's report, the entire credential access phase was completed in under three minutes. Approximately one hour later, the same attacker returned and repeated the exploit sequence in a second session.

Attacker Profile: Stealthy and Methodical

Sysdig researchers characterized the threat actor as a "methodical operator" conducting a hands-on, targeted campaign rather than running fully automated scripts. The focus was squarely on high-value objectives — specifically stealing .env credentials and SSH keys — rather than broad compromise. Notably, the attacker made no attempt to install persistence mechanisms, deploy cryptomining software, or plant backdoors, suggesting the goal was a quick, stealthy data extraction operation.

Recommended Actions for Marimo Users

Organizations and individuals running Marimo are strongly urged to take the following steps immediately:

  1. Upgrade to version 0.23.0 as the primary and most effective remediation.
  2. Monitor WebSocket connections to the /terminal/ws endpoint for any suspicious activity.
  3. Restrict external access to the Marimo interface via firewall rules to limit exposure.
  4. Rotate all exposed secrets, including cloud credentials and any values stored in .env files, in case a compromise has already occurred.

For environments where an immediate upgrade is not feasible, blocking or disabling access to the /terminal/ws endpoint entirely serves as an effective interim mitigation to prevent exploitation until patching can be completed.

A Reminder of Rapid Exploit Development Risks

The speed with which CVE-2026-39987 moved from public advisory to active exploitation — under 10 hours — underscores the shrinking window organizations have to respond to critical disclosures. The case mirrors other recent rapid-exploitation events and highlights the importance of having patch management and secret rotation procedures that can be executed quickly when high-severity vulnerabilities surface.

Source: BleepingComputer

Source: BleepingComputer

Powered by ZeroBot

Protect your website from bots, scrapers, and automated threats.

Try ZeroBot Free

Related Articles

Vulnerabilities

More Than 10,000 Zimbra Servers Remain Unpatched Amid Active XSS Exploitation

Over 10,500 Zimbra Collaboration Suite servers exposed to the internet are still unpatched against CVE-2025-48700, an actively exploited cross-site scripting flaw. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch within three days.

Apr 26, 2026 08:00 · BleepingComputer 5 min read