CVE-2026-39987
Published Apr 9, 2026
Last updated 2 months ago
AI description
CVE-2026-39987 identifies a pre-authentication remote code execution (RCE) vulnerability found in Marimo, a reactive Python notebook framework. The flaw stems from a lack of authentication validation on the `/terminal/ws` WebSocket endpoint. This oversight allows an unauthenticated attacker to gain access to a full PTY shell and execute arbitrary system commands. This vulnerability affects Marimo versions prior to 0.23.0. The issue has been actively exploited in the wild, with observed exploitation attempts occurring within hours of its public disclosure.
- Description
- marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- marimo
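A defender-side triage helper, added here as an example and not code from marimo or the advisory: it flags installed versions below the fixed 0.23.0 and scans reverse-proxy access logs for accepted WebSocket upgrades to /terminal/ws, which on an unpatched server mean a PTY shell was handed to the caller. The log lines are a constructed combined-log-style sample and the LOG_RE format is an assumption to adjust for your own proxy.

```python
"""Defensive triage helpers for CVE-2026-39987 (added example; not marimo's own code).
is_vulnerable_version(): is a marimo version below 0.23.0, the fixed release per the advisory?
find_terminal_ws_upgrades(): scan reverse-proxy access logs for completed WebSocket upgrades
(HTTP 101) to /terminal/ws; on an unpatched server each one is a PTY shell handed to the caller.
Log lines are a constructed combined-log-style sample; adjust LOG_RE to your proxy's format."""
import re
from ipaddress import ip_address

FIXED_VERSION = (0, 23, 0)         # advisory: "fixed in 0.23.0"
TERMINAL_WS_PATH = "/terminal/ws"  # the endpoint that skipped validate_auth()
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse_version(text):
    """'0.22.3' -> (0, 22, 3); numeric parts only, so '0.23.0rc1' compares as 0.23.0."""
    parts = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))  # pad so '0.23' == (0, 23, 0)

def is_vulnerable_version(text):
    return parse_version(text) < FIXED_VERSION

def find_terminal_ws_upgrades(lines, ignore_loopback=True):
    """Return (source_ip, timestamp) for every accepted /terminal/ws upgrade (status 101).
    A 401/403 instead means an auth layer refused the upgrade, as a patched server should."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("status") != "101":
            continue
        if m.group("target").split("?", 1)[0] != TERMINAL_WS_PATH:  # ignore query string
            continue
        if ignore_loopback and ip_address(m.group("src")).is_loopback:
            continue  # local-only use, not remote exposure
        hits.append((m.group("src"), m.group("ts")))
    return hits

# Constructed sample log; not from any real incident.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Apr/2026:03:14:07 +0000] "GET /terminal/ws HTTP/1.1" 101 0',
    '198.51.100.7 - - [10/Apr/2026:03:15:22 +0000] "GET /ws?session_id=abc HTTP/1.1" 101 0',
    '127.0.0.1 - - [10/Apr/2026:03:16:01 +0000] "GET /terminal/ws HTTP/1.1" 101 0',
    '203.0.113.9 - - [10/Apr/2026:03:17:45 +0000] "GET /terminal/ws?x=1 HTTP/1.1" 403 154',
]

if __name__ == "__main__":
    print("0.22.5 vulnerable:", is_vulnerable_version("0.22.5"))
    for src, ts in find_terminal_ws_upgrades(SAMPLE_LOG):
        print(f"ALERT: accepted /terminal/ws upgrade from {src} at {ts}")
```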
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Marimo Remote Code Execution Vulnerability
- Exploit added on
- Apr 23, 2026
- Exploit action due
- May 7, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- security-advisories@github.com
- CWE-306
- Hype score
- Not currently trending
CVE-2026-39987: Two critical RCE vulnerabilities disclosed within days of each other — CVE-2026-39987 in Marimo CVSS 9.3, pre-auth WebSocket shell and CVE-2026-5760 in SGLang CVSS 9.8, GGUF model file SSTI — expose a new attack frontier: the AI developer stack itself.…
@lyrie_ai
12 Jun 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🤯 Totally hits the spot! Anyone who wants to know about the latest attack technique that uses an LLM agent after breaking into a system via Marimo CVE-2026-39987, I'm telling you
@0xtroyster
5 Jun 2026
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2026-39987: Critical Marimo pre-auth RCE exploited with an LLM agent for post-exploitation. Attackers reportedly stole cloud credentials, retrieved an SSH key from AWS Secrets Manager. https://t.co/NndC8ztPnl #Marimo #CVE #RCE #AISecurity #CloudSecurity
@vulert_official
1 Jun 2026
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploiting Marimo's RCE (CVE-2026-39987), an LLM agent automated the post-compromise phase. With stolen keys it opened parallel SSH sessions and exfiltrated all PostgreSQL data in under two minutes. The adaptability to improvise an attack with no prior knowledge is the threat / Attackers Use LLM Agent for Post-Exploitation After Mar
@__su888
31 May 2026
119 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Threat][MY]🟡CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace Type: Broad-based Date: 15 Apr 2026 Refer: https://t.co/7X0kFazrDI #rectifyq #cti #threatintel #threatintelligence #malaysia #infosec
@_rectifyq
31 May 2026
483 Impressions
3 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
Attackers are using an LLM agent for post-exploitation after the attack via Marimo CVE-2026-39987. Attackers are utilizing LLM agent for post-exploitation following the Marimo CVE-2026-39987 exploit. https://t.co/GyVdu3WnsI #CyberSecurity #LLMAgent #CVE202639987
@fad_777
31 May 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit https://t.co/I7GuFnWgg5
@DeepBlueInfoSec
31 May 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit https://t.co/bB3nCoH4An
@TechNowPulse
30 May 2026
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit https://t.co/0BS0JGuBF9 https://t.co/rLeHJD4Zc9
@TonyBeeTweets
30 May 2026
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-0257 2 - CVE-2026-48095 3 - CVE-2026-42826 4 - CVE-2026-39987 5 - CVE-2026-0265 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
30 May 2026
119 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit https://t.co/946br1yMQ6
@JedisecX
30 May 2026
52 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-39987: RCE vulnerability in Marimo. Post-exploitation with an LLM agent has been confirmed. ↓ Details in the replies #vulnerability https://t.co/A2ibX5BYIN
@motch_dev
30 May 2026
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Attackers exploited Marimo CVE-2026-39987 for RCE, then used an LLM agent to harvest creds, access AWS Secrets Manager, gain SSH bastion access, and exfiltrate PostgreSQL data. #Marimo #AWSSecrets #PostgreSQL https://t.co/z9MQCGmeXF
@TweetThreatNews
30 May 2026
102 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Marimo Pre-Auth RCE (CVE-2026-39987)🔓 CVE-2026-39987: Pre-auth RCE in Marimo, the Python reactive notebook framework with 19.6k GitHub stars. Single unauthenticated request gives root on the target. Marimo is widely deployed as a Jupyter alternative assume exposed instances a
@ElusivePrivacy
29 May 2026
48 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
Cyber Heat Radar | 2026/05/30 05:00 JST This episode focuses on (1) the exploitation of Marimo CVE-2026-39987, (2) the addition of CVE-2026-0257 to the CISA KEV, and (3) the exposure of a Gogs zero-day RCE, covering 7 items in audio including 4 others.
@cyberheatradar
29 May 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit https://t.co/67GXipkiFJ
@TheRabbitPy
29 May 2026
53 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
Marimo Python notebook vulnerability CVE-2026-39987 FIXED: risk of unauthenticated RCE https://t.co/RjwI9MXZPR The Marimo vulnerability CVE-2026-39987 was caused by an implementation mistake in the program. Specifically, a certain WebSocket
@iototsecnews
25 May 2026
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"Resecurity | Marimo Pre-Auth RCE via Unauthenticated WebSocket Terminal (CVE-2026-39987)" #infosec #pentest #redteam #blueteam https://t.co/xFbl6hoOAw
@CyberWarship
17 May 2026
994 Impressions
1 Retweet
2 Likes
5 Bookmarks
0 Replies
0 Quotes
CVE-2026-39987. What happened: CISA added Marimo's CVE-2026-39987 to the Known Exploited Vulnerabilities (KEV) catalog on 2026-04-23, confirming active exploitation in the wild (CISA KEV).
@lyrie_ai
15 May 2026
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:coreweave:marimo:*:*:*:*:*:python:*:*",
            "matchCriteriaId": "EFA40E82-022F-42C3-A141-F4493A2A3E57",
            "versionEndExcluding": "0.23.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]