A significant security weakness was identified in Marimo, a popular open-source reactive Python notebook platform. Within a mere 10 hours of this vulnerability being revealed, cybercriminals leveraged it to extract sensitive cloud credentials, underscoring the rapid response capabilities of today’s threat actors.
Details of the Vulnerability
The vulnerability, officially recorded as CVE-2026-39987, boasts a Critical CVSS v4.0 score of 9.3. This pre-authentication Remote Code Execution (RCE) flaw impacts the /terminal/ws WebSocket endpoint of Marimo. Unlike other endpoints that ensure security through validate_auth(), this specific path fails to implement necessary authentication checks.
This oversight allows unauthorized individuals to establish a WebSocket connection, granting them a fully interactive pseudo-terminal (PTY) shell. With the shell operating under Marimo’s privileges, attackers can execute arbitrary commands without needing intricate payloads.
Rapid Exploitation by Attackers
Despite the absence of a public proof-of-concept (PoC) at the time of the incident, attackers quickly devised a working exploit using the technical details from the advisory. They initiated the attack just 9 hours and 41 minutes post-advisory release, successfully exfiltrating critical AWS access keys and application secrets within minutes.
This case highlights the vigilance of threat actors who monitor advisories to exploit niche software vulnerabilities, such as those found in Marimo, which has garnered around 20,000 stars on GitHub. Versions up to 0.20.4 are susceptible to this flaw.
Recommended Security Measures
Security teams are advised to immediately upgrade Marimo installations to the patched version 0.23.0 or later. Where immediate patching is not feasible, it is crucial to restrict external network access to the /terminal/ws endpoint. Additionally, auditing environment variables and .env files on previously exposed Marimo instances is recommended.
Organizations should rotate all potentially compromised AWS credentials, API keys, database passwords, and SSH keys. Implementing an authentication layer or reverse proxy before exposing notebook platforms to the internet can add an extra layer of security.
Sysdig Threat Research Team identified the IP 49.207.56[.]74 as the source of the WebSocket terminal exploitation. For ongoing cybersecurity updates, follow us on Google News, LinkedIn, and X. Reach out to feature your cybersecurity stories.
