Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Marimo Vulnerability Exploited Quickly After Disclosure

Marimo Vulnerability Exploited Quickly After Disclosure

Posted on April 10, 2026 By CWS

A critical vulnerability in Marimo, an open-source Python notebook, was rapidly exploited by a threat actor, according to a report by cloud security firm Sysdig. The flaw, which affects the terminal WebSocket endpoint, was exploited just nine hours after its public disclosure.

Details of the Marimo Vulnerability

Marimo, known for its robust reactive notebook functionality, has gained significant attention with around 20,000 stars on GitHub. On April 8, the platform’s maintainers revealed CVE-2026-39987, a high-severity remote code execution vulnerability with a CVSS score of 9.3. This flaw stems from inadequate authentication checks within the terminal WebSocket endpoint.

The vulnerability allows unauthorized users to access a full interactive shell, enabling arbitrary execution of system commands. Marimo’s developers highlighted that unlike other endpoints, the terminal WebSocket endpoint fails to perform proper authentication validation, posing significant security risks.

Exploitation Timeline and Methodology

Sysdig reported that the vulnerability was exploited within 9 hours and 41 minutes after the advisory was released. Despite the absence of a public proof-of-concept, the attacker managed to develop a functional exploit by leveraging the advisory description. This exploit was used to connect to the unauthenticated terminal endpoint, allowing the attacker to navigate the compromised environment manually.

The security firm observed the exploit originating from a single IP address, although reconnaissance activities involved an additional 125 IP addresses. These activities included port scanning and HTTP probing, indicating a broader interest in exploiting the flaw.

Impact and Mitigation

During the attack, the threat actor connected to the vulnerable endpoint, conducted reconnaissance, and returned to extract files containing sensitive credentials. The entire operation was completed swiftly, with attempts to access every file in the target directory, including searches for SSH keys.

All Marimo versions up to 0.20.4 are vulnerable to CVE-2026-39987. Users are strongly advised to update to version 0.23.0 or newer, which includes critical patches addressing this security issue. Immediate action is necessary to protect systems from potential exploitation.

Related cybersecurity incidents include targeted attacks on Ninja Forms vulnerabilities, high-severity patches by Palo Alto Networks and SonicWall, and exposure of Google API keys in Android apps.

Security Week News Tags:Cybersecurity, Exploit, Marimo, Open Source, RCE vulnerability, security patch, Sysdig, threat actor, unauthenticated access, WebSocket

Post navigation

Previous Post: Google Enhances Chrome Security with DBSC Rollout
Next Post: Malicious OpenVSX Extension Infects Multiple Code Editors

Related Posts

CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack Security Week News
BadCam: New BadUSB Attack Turns Linux Webcams Into Persistent Threats  BadCam: New BadUSB Attack Turns Linux Webcams Into Persistent Threats  Security Week News
Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying  Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying  Security Week News
Google Antigravity Faces Security Threats Amid Growing Use Google Antigravity Faces Security Threats Amid Growing Use Security Week News
Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers Security Week News
Adobe Patches Over 60 Vulnerabilities Across 13 Products Adobe Patches Over 60 Vulnerabilities Across 13 Products Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical Roundcube XSS Flaws Require Immediate Update
  • GigaWiper Malware: A New Threat to Windows Systems
  • AI Aids Hacker in Swift 72-Hour AWS Cloud Breach
  • Dormant GitHub Accounts Aid Corporate Reconnaissance
  • Microsoft’s AI Strategy Enhances Vulnerability Detection

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical Roundcube XSS Flaws Require Immediate Update
  • GigaWiper Malware: A New Threat to Windows Systems
  • AI Aids Hacker in Swift 72-Hour AWS Cloud Breach
  • Dormant GitHub Accounts Aid Corporate Reconnaissance
  • Microsoft’s AI Strategy Enhances Vulnerability Detection

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark