Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Marimo Vulnerability Exploited Quickly After Disclosure

Marimo Vulnerability Exploited Quickly After Disclosure

Posted on April 10, 2026 By CWS

A critical vulnerability in Marimo, an open-source Python notebook, was rapidly exploited by a threat actor, according to a report by cloud security firm Sysdig. The flaw, which affects the terminal WebSocket endpoint, was exploited just nine hours after its public disclosure.

Details of the Marimo Vulnerability

Marimo, known for its robust reactive notebook functionality, has gained significant attention with around 20,000 stars on GitHub. On April 8, the platform’s maintainers revealed CVE-2026-39987, a high-severity remote code execution vulnerability with a CVSS score of 9.3. This flaw stems from inadequate authentication checks within the terminal WebSocket endpoint.

The vulnerability allows unauthorized users to access a full interactive shell, enabling arbitrary execution of system commands. Marimo’s developers highlighted that unlike other endpoints, the terminal WebSocket endpoint fails to perform proper authentication validation, posing significant security risks.

Exploitation Timeline and Methodology

Sysdig reported that the vulnerability was exploited within 9 hours and 41 minutes after the advisory was released. Despite the absence of a public proof-of-concept, the attacker managed to develop a functional exploit by leveraging the advisory description. This exploit was used to connect to the unauthenticated terminal endpoint, allowing the attacker to navigate the compromised environment manually.

The security firm observed the exploit originating from a single IP address, although reconnaissance activities involved an additional 125 IP addresses. These activities included port scanning and HTTP probing, indicating a broader interest in exploiting the flaw.

Impact and Mitigation

During the attack, the threat actor connected to the vulnerable endpoint, conducted reconnaissance, and returned to extract files containing sensitive credentials. The entire operation was completed swiftly, with attempts to access every file in the target directory, including searches for SSH keys.

All Marimo versions up to 0.20.4 are vulnerable to CVE-2026-39987. Users are strongly advised to update to version 0.23.0 or newer, which includes critical patches addressing this security issue. Immediate action is necessary to protect systems from potential exploitation.

Related cybersecurity incidents include targeted attacks on Ninja Forms vulnerabilities, high-severity patches by Palo Alto Networks and SonicWall, and exposure of Google API keys in Android apps.

Security Week News Tags:Cybersecurity, Exploit, Marimo, Open Source, RCE vulnerability, security patch, Sysdig, threat actor, unauthenticated access, WebSocket

Post navigation

Previous Post: Google Enhances Chrome Security with DBSC Rollout
Next Post: Malicious OpenVSX Extension Infects Multiple Code Editors

Related Posts

Australian Man Sentenced to Prison for Wi-Fi Attacks at Airports and on Flights Australian Man Sentenced to Prison for Wi-Fi Attacks at Airports and on Flights Security Week News
Israel Leverages Iran’s Surveillance for Strategic Advantage Israel Leverages Iran’s Surveillance for Strategic Advantage Security Week News
Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption Security Week News
Akira Ransomware Group Made 4 Million in Ransom Proceeds Akira Ransomware Group Made $244 Million in Ransom Proceeds Security Week News
Samsung KNOX Vulnerability Exposed Millions of Devices Samsung KNOX Vulnerability Exposed Millions of Devices Security Week News
The UK Brings Cyberwarfare Out of the Closet The UK Brings Cyberwarfare Out of the Closet Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • GodDamn Ransomware Uses PoisonX to Evade Security
  • Critical Roundcube XSS Flaws Require Immediate Update
  • GigaWiper Malware: A New Threat to Windows Systems
  • AI Aids Hacker in Swift 72-Hour AWS Cloud Breach
  • Dormant GitHub Accounts Aid Corporate Reconnaissance

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • GodDamn Ransomware Uses PoisonX to Evade Security
  • Critical Roundcube XSS Flaws Require Immediate Update
  • GigaWiper Malware: A New Threat to Windows Systems
  • AI Aids Hacker in Swift 72-Hour AWS Cloud Breach
  • Dormant GitHub Accounts Aid Corporate Reconnaissance

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark