A critical vulnerability in Marimo, an open-source Python notebook, was rapidly exploited by a threat actor, according to a report by cloud security firm Sysdig. The flaw, which affects the terminal WebSocket endpoint, was exploited just nine hours after its public disclosure.
Details of the Marimo Vulnerability
Marimo, an open-source reactive Python notebook with around 20,000 stars on GitHub, has a sizeable install base. On April 8 the project's maintainers disclosed CVE-2026-39987, a remote code execution vulnerability rated 9.3 on the CVSS scale (critical). The flaw is a missing authentication check on the terminal WebSocket endpoint.
Because of that omission, an unauthenticated remote client can attach to a full interactive shell served by the notebook process and run arbitrary commands on the host. The maintainers noted that, unlike the server's other endpoints, the terminal WebSocket endpoint did not validate the caller's credentials before handing over the session, which is what makes the bug so severe.
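The bug class described above is an application that authenticates its HTTP routes but accepts a WebSocket upgrade without running the same check. The following is an added illustration written for this article, not Marimo's code and not taken from the advisory: a minimal ASGI application (the interface Python web frameworks such as Starlette build on) in a vulnerable form beside a hardened one. The endpoint path `/terminal/ws`, the cookie name `session`, the `access_token` query parameter and the token value are all assumptions made for the demo.

```python
import asyncio
import hmac
from urllib.parse import parse_qs

# Constructed secret for the demo. Assumption: the server hands this token to the
# browser at startup and every request must present it (cookie or query string).
SESSION_TOKEN = "a1b2c3d4-demo-token"
TERMINAL_WS_PATH = "/terminal/ws"   # assumed path; not taken from the advisory


def _token_from_scope(scope):
    """Extract the session token from the Cookie header or the query string."""
    headers = {k.decode().lower(): v.decode() for k, v in scope.get("headers", [])}
    for part in headers.get("cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session":          # assumed cookie name
            return value
    qs = parse_qs(scope.get("query_string", b"").decode())
    return (qs.get("access_token") or [None])[0]


def _authorized(scope):
    token = _token_from_scope(scope)
    return token is not None and hmac.compare_digest(token, SESSION_TOKEN)


async def _http_reply(send, status, body):
    await send({"type": "http.response.start", "status": status, "headers": []})
    await send({"type": "http.response.body", "body": body})


async def vulnerable_app(scope, receive, send):
    """HTTP routes are gated; the terminal WebSocket route is not (the bug class)."""
    if scope["type"] == "http":
        if not _authorized(scope):
            await _http_reply(send, 401, b"unauthorized")
            return
        await _http_reply(send, 200, b"ok")
    elif scope["type"] == "websocket" and scope["path"] == TERMINAL_WS_PATH:
        await send({"type": "websocket.accept"})              # no check before accept
        await send({"type": "websocket.send", "text": "$ "})  # shell prompt handed out


async def hardened_app(scope, receive, send):
    """Same gate on every scope type, evaluated before the WebSocket is accepted."""
    if not _authorized(scope):
        if scope["type"] == "websocket":
            # Reject during the handshake: close before accept, never attach the shell.
            await send({"type": "websocket.close", "code": 1008})
        else:
            await _http_reply(send, 401, b"unauthorized")
        return
    await vulnerable_app(scope, receive, send)   # authenticated path is unchanged


def probe(app, kind="websocket", path=TERMINAL_WS_PATH, cookie=None):
    """Drive an ASGI app with a constructed scope and return the messages it sent."""
    headers = [(b"cookie", cookie.encode())] if cookie else []
    scope = {"type": kind, "path": path, "headers": headers, "query_string": b""}
    sent = []

    async def receive():
        return {"type": f"{kind}.disconnect"}

    async def send(message):
        sent.append(message)

    asyncio.run(app(scope, receive, send))
    return sent


def first_event(app, **kw):
    """(message type, close code or HTTP status) of the app's first reply."""
    msgs = probe(app, **kw)
    if not msgs:
        return None
    return msgs[0]["type"], msgs[0].get("code") or msgs[0].get("status")


if __name__ == "__main__":
    print("vulnerable, no token :", first_event(vulnerable_app))
    print("hardened,   no token :", first_event(hardened_app))
    print("hardened, with token :", first_event(hardened_app, cookie=f"session={SESSION_TOKEN}"))
```

The point to take from the hardened version is where the check sits: on the ASGI scope, before `websocket.accept`, so the rejection happens during the handshake and the shell is never spawned. Putting the check inside a per-route handler invites exactly the omission described in the advisory, because each new route has to remember to call it.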
Exploitation Timeline and Methodology
Sysdig reported that the first exploitation attempt came 9 hours and 41 minutes after the advisory was published. No public proof-of-concept existed at that point; the attacker built a working exploit from the advisory's description alone. The exploit connected to the unauthenticated terminal endpoint, and from there the attacker explored the compromised environment by hand.
Sysdig saw the exploit itself come from a single IP address, but reconnaissance against the target involved a further 125 IP addresses, which carried out port scanning and HTTP probing, indicating broader interest in exploiting the flaw.
Impact and Mitigation
During the attack the threat actor connected to the vulnerable endpoint, performed reconnaissance, and came back to exfiltrate files containing sensitive credentials. The whole operation was quick: the attacker attempted to read every file in the target directory and searched for SSH keys.
All Marimo versions up to 0.20.4 are affected by CVE-2026-39987. Users should upgrade to version 0.23.0 or newer, which contains the fix. Because exploitation began within hours of disclosure, any internet-reachable notebook server still on an affected version should be treated as exposed and upgraded immediately; if it was reachable during that window, review it for the activity described above (shell sessions on the terminal endpoint, mass file reads, SSH key access) and rotate any credentials it held.
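The two observable phases reported above (HTTP probing from many addresses, then a WebSocket upgrade to the terminal endpoint from one address that opened a shell) both leave traces in an ordinary web server access log. The script below is an added example for this article, not Sysdig's detection logic and not Marimo's code: it parses combined-format access log lines, flags every successful upgrade (status 101) on the terminal endpoint as a shell session, separates clients that scanned many distinct paths, and singles out shell sessions from clients that never loaded the notebook UI first. The log lines are constructed for the demo, the endpoint path `/terminal/ws` is an assumption, and the "no prior page load" rule is a heuristic that must be tuned to how your users actually reach the server.

```python
import re
from collections import defaultdict

# Assumed location of the endpoint; take the real path from the advisory for your version.
TERMINAL_WS_PATH = "/terminal/ws"
PROBE_THRESHOLD = 5   # distinct paths from one client before we call it scanning

# Constructed access-log lines in combined format (not real Sysdig data).
SAMPLE_LOG = """\
203.0.113.10 - - [08/Apr/2026:14:02:11 +0000] "GET / HTTP/1.1" 200 5123 "-" "python-requests/2.31"
203.0.113.10 - - [08/Apr/2026:14:02:12 +0000] "GET /api/status HTTP/1.1" 404 18 "-" "python-requests/2.31"
203.0.113.10 - - [08/Apr/2026:14:02:12 +0000] "GET /.env HTTP/1.1" 404 18 "-" "python-requests/2.31"
203.0.113.10 - - [08/Apr/2026:14:02:13 +0000] "GET /admin HTTP/1.1" 404 18 "-" "python-requests/2.31"
203.0.113.10 - - [08/Apr/2026:14:02:13 +0000] "GET /terminal/ws HTTP/1.1" 400 12 "-" "python-requests/2.31"
203.0.113.10 - - [08/Apr/2026:14:02:14 +0000] "GET /ws HTTP/1.1" 404 18 "-" "python-requests/2.31"
198.51.100.7 - - [08/Apr/2026:22:31:40 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "Python/3.11 websockets/12.0"
192.0.2.25 - - [08/Apr/2026:09:15:02 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
192.0.2.25 - - [08/Apr/2026:09:15:03 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "https://notebook.example/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse(log_text):
    """Yield one dict per well-formed combined-format line; skip anything else."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def analyze(log_text):
    """Return shell sessions on the terminal endpoint, scanning clients, and
    shell sessions from clients that never loaded the UI page first."""
    paths_by_ip = defaultdict(set)
    loaded_ui = set()          # clients that fetched "/" successfully
    shell_sessions = []        # (ip, timestamp, user agent) for each 101 on the endpoint
    unattributed = []          # shell sessions with no preceding UI load from that client
    for rec in parse(log_text):   # access logs are written in arrival order
        paths_by_ip[rec["ip"]].add(rec["path"])
        if rec["path"] == "/" and rec["status"] == "200":
            loaded_ui.add(rec["ip"])
        # A 101 on the terminal path means the server attached a shell to this client.
        if rec["path"].startswith(TERMINAL_WS_PATH) and rec["status"] == "101":
            session = (rec["ip"], rec["ts"], rec["ua"])
            shell_sessions.append(session)
            if rec["ip"] not in loaded_ui:
                unattributed.append(session)
    scanners = sorted(ip for ip, paths in paths_by_ip.items() if len(paths) >= PROBE_THRESHOLD)
    return {
        "shell_sessions": shell_sessions,
        "scanners": scanners,
        "unattributed_sessions": unattributed,
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}:")
        for item in value:
            print("   ", item)
```

On an instance that is not supposed to be reachable from the internet at all, every 101 on the terminal endpoint from a non-private source address is worth a ticket regardless of the heuristics; the scanner list is mainly useful for scoping how many addresses were involved, which is the figure Sysdig reported for the reconnaissance phase.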
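Checking an installed version against the fixed release is easy to get wrong with a plain string comparison ("0.9.0" sorts after "0.23.0" as text). The helper below is an added example for this article, not part of Marimo or the advisory; it compares numeric components, treats pre-release suffixes as older than the final release, and uses the 0.23.0 threshold the advisory gives as the version to upgrade to, so it also reports the intermediate 0.21.x and 0.22.x releases as needing an upgrade. `check_installed` looks up the `marimo` package on the current interpreter via `importlib.metadata`.

```python
import re
from importlib import metadata

FIXED_VERSION = "0.23.0"   # the version the advisory says to upgrade to

_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$")


def parse_version(v):
    """Turn '0.23.0', '0.23' or '0.23.0rc1' into a comparable tuple.
    Missing components count as 0; any suffix (rc1, a2, .dev0) sorts below the
    final release with the same numbers."""
    m = _VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    nums = tuple(int(x or 0) for x in m.groups()[:3])
    prerelease_rank = -1 if m.group(4) else 0
    return nums + (prerelease_rank,)


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed version is older than the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def check_installed():
    """Return (version, vulnerable) for marimo on this interpreter, or None if not installed."""
    try:
        installed = metadata.version("marimo")
    except metadata.PackageNotFoundError:
        return None
    return installed, is_vulnerable(installed)


if __name__ == "__main__":
    found = check_installed()
    if found is None:
        print("marimo is not installed in this environment")
    else:
        version, vulnerable = found
        print(f"marimo {version}: {'UPGRADE REQUIRED' if vulnerable else 'fixed'}")
```

Run it with each interpreter that serves a notebook (virtualenvs, conda environments and containers each carry their own copy of the package), since a single `pip show` on the host says nothing about the environment the exposed server is actually running from.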
Related cybersecurity incidents include targeted attacks on Ninja Forms vulnerabilities, high-severity patches by Palo Alto Networks and SonicWall, and exposure of Google API keys in Android apps.
