Marimo RCE Vulnerability CVE-2026-39987 Under Active Exploitation Since Disclosure


Key Findings


  • Critical RCE vulnerability CVE-2026-39987 in Marimo (CVSS 9.3) exploited within 9 hours 41 minutes of disclosure

  • Unauthenticated attackers can obtain full interactive shell access on exposed instances through /terminal/ws WebSocket endpoint

  • Affects all Marimo versions up to 0.20.4; patched in version 0.23.0

  • Unknown threat actor built working exploit from advisory alone, with no public PoC available

  • Attacker conducted credential theft operation and reconnaissance, returning multiple times over 90 minutes

  • Demonstrates rapid weaponization timeline between disclosure and patch deployment


Background


Marimo is an open-source Python notebook platform designed for data science and analysis work. The vulnerability at the center of this incident, CVE-2026-39987, represents a fundamental authentication bypass that leaves any internet-facing Marimo instance exposed to complete system compromise without requiring valid credentials.


The Technical Flaw


The /terminal/ws WebSocket endpoint in Marimo lacks proper authentication validation, unlike other WebSocket endpoints such as /ws, which correctly call validate_auth(). The terminal endpoint only checks the running mode and platform support before accepting a connection, skipping authentication entirely.


This means an attacker can connect to a single WebSocket endpoint and obtain a full pseudoterminal (PTY) shell with the ability to execute arbitrary system commands, effectively taking over the host system.


Exploitation Timeline and Activity


Sysdig security researchers observed the first exploitation attempt just 9 hours and 41 minutes after public disclosure. The attacker demonstrated clear operational security by connecting four times over 90 minutes with deliberate pauses between sessions, behavior consistent with a human operator working through a target list rather than automated scanning.


During initial access, the threat actor manually explored the file system and within minutes systematically attempted to harvest sensitive data, specifically targeting .env files and searching for SSH keys. The attacker returned an hour later to confirm access to the .env file contents and check for signs of other threat actors operating during the same window.
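One way a defender can look for this activity after the fact is to hunt for completed WebSocket handshakes (HTTP 101) to /terminal/ws in reverse-proxy access logs and summarise repeat sessions per client, which surfaces the "several connections over 90 minutes" pattern described above. This is an added example, not code from Marimo or from the researchers; it assumes an nginx-style combined log format, and the log lines are constructed samples rather than data from the incident.

```python
"""Hunt reverse-proxy access logs for WebSocket upgrades to Marimo's
unauthenticated /terminal/ws endpoint and summarise sessions per client."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in nginx combined format (assumed layout); the
# addresses, timestamps and user agents are illustrative only.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2026:14:02:11 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "Python/3.11 websockets/12.0"
10.0.0.5 - - [10/Apr/2026:14:03:40 +0000] "GET /ws?session_id=abc HTTP/1.1" 101 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2026:14:20:55 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "Python/3.11 websockets/12.0"
203.0.113.7 - - [10/Apr/2026:15:01:02 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "Python/3.11 websockets/12.0"
203.0.113.7 - - [10/Apr/2026:15:31:19 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "Python/3.11 websockets/12.0"
198.51.100.9 - - [10/Apr/2026:15:40:00 +0000] "GET /terminal/ws HTTP/1.1" 403 0 "-" "curl/8.5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
TERMINAL_WS = "/terminal/ws"  # endpoint named in the advisory


def parse_line(line):
    """Return (ip, timestamp, path, status) or None for a non-matching line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path = m["path"].split("?")[0]  # drop query string before comparing
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), path, int(m["status"])


def terminal_sessions(log_text):
    """Group successful (101 Switching Protocols) upgrades to /terminal/ws by
    client IP. Returns {ip: {"count": n, "span_minutes": minutes between the
    first and last handshake}}. Rejected upgrades (e.g. 403) are ignored."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2] == TERMINAL_WS and rec[3] == 101:
            hits[rec[0]].append(rec[1])
    return {
        ip: {"count": len(ts),
             "span_minutes": (max(ts) - min(ts)).total_seconds() / 60}
        for ip, ts in hits.items()
    }


if __name__ == "__main__":
    for ip, info in terminal_sessions(SAMPLE_LOG).items():
        print(f"{ip}: {info['count']} terminal session(s) over {info['span_minutes']:.0f} min")
```

A client with several accepted terminal handshakes spread over tens of minutes is worth treating as a likely interactive operator rather than a scanner, and any 101 on this path from an address that never authenticated to the rest of the app warrants a credential rotation review.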


Implications for Defenders


The speed of weaponization reveals a critical gap in the traditional vulnerability response timeline. Threat actors are actively monitoring vulnerability disclosures and building working exploits from technical descriptions alone, which invalidates any assumption that low-profile applications won't be targeted.


Organizations operating Marimo or similar internet-facing applications must assume that critical advisories will be exploited within hours, not days. The window for applying patches has compressed dramatically, requiring immediate patching protocols and network segmentation strategies for vulnerable systems that cannot be updated immediately.


Sources


  • https://thehackernews.com/2026/04/marimo-rce-flaw-cve-2026-39987.html

  • https://www.cypro.se/2026/04/10/marimo-rce-flaw-cve-2026-39987-exploited-within-10-hours-of-disclosure/

  • https://www.reddit.com/r/SecOpsDaily/comments/1shkj7g/marimo_rce_flaw_cve202639987_exploited_within_10/

© 2025 by Explain IT Again. Powered and secured by Wix