Summary
Marimo patched a critical RCE vulnerability (CVE-2026-39987) that was exploited within 10 hours of disclosure to steal cloud credentials and SSH keys. The flaw allows unauthenticated attackers to gain full interactive shell access via a WebSocket authentication bypass.
Take Action:
If you're running Marimo notebooks, update to version 0.23.0 immediately and rotate any credentials (AWS keys, SSH keys, database passwords, API secrets) that were stored on or accessible from that system. If you can't update right away, block access to the /terminal/ws endpoint or put the notebook behind a reverse proxy with authentication and never expose notebook platforms directly to the internet.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)