A critical remote code execution (RCE) vulnerability, tracked as CVE-2026-39987, was discovered in the Marimo open-source Python notebook. The flaw affects the /terminal/ws WebSocket endpoint, which fails to validate authentication, allowing unauthenticated attackers to gain a full PTY shell and execute arbitrary system commands. Sysdig researchers observed exploitation attempts starting less than 10 hours after the public disclosure, even without a public proof-of-concept.
In the observed attacks, threat actors manually explored compromised environments to harvest credentials from .env files and locate SSH keys. This incident underscores the speed at which attackers now weaponize disclosures, monitoring for critical advisories to target internet-facing applications regardless of their popularity. Users are strongly urged to update Marimo to version 0.23.0 to mitigate this risk.
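The post-exploitation behaviour described above (a shell spawned via the notebook's terminal endpoint, then reads of .env files and SSH keys) is a reasonable thing to hunt for in process telemetry. The following is an added detection sketch written for this article, not code from Marimo or Sysdig; it runs over constructed sample events, and the command-line patterns it matches on (a parent process whose command line contains "marimo", a shell in the ancestry, a credential path in the executed command) are assumptions, not a vendor rule. Because Marimo legitimately offers an interactive terminal, a shell under the notebook process alone is not treated as an alert; the rule fires only when that shell touches credential material.

```python
import re

# Constructed sample events (not real telemetry). Each event is one process
# execution: "chain" is the ancestor command lines, outermost first,
# and "cmd" is the command line that was executed.
SAMPLE_EVENTS = [
    {"chain": ["python -m marimo edit --host 0.0.0.0", "/bin/bash"],
     "cmd": "cat /app/.env"},
    {"chain": ["python -m marimo edit --host 0.0.0.0", "/bin/bash"],
     "cmd": "ls -la /root/.ssh"},
    {"chain": ["python -m marimo edit --host 0.0.0.0", "/bin/bash"],
     "cmd": "ls /app"},                       # benign terminal use
    {"chain": ["sshd: root", "/bin/bash"],
     "cmd": "cat /app/.env"},                 # not via the notebook
]

MARIMO = re.compile(r"\bmarimo\b")            # assumed parent pattern
SHELLS = {"sh", "bash", "zsh", "dash", "fish"}
# .env files and SSH key material, the targets the article reports.
CRED_PATHS = re.compile(
    r"(^|[\s/])\.env\b|(^|[\s/])\.ssh(/|\b)|id_(rsa|ed25519|ecdsa)\b")

def _basename(cmdline):
    return cmdline.split()[0].rsplit("/", 1)[-1]

def classify(event):
    """Return an alert tag, or None when the event is not suspicious."""
    chain = event["chain"]
    from_marimo = any(MARIMO.search(c) for c in chain)
    in_shell = any(_basename(c) in SHELLS for c in chain)
    if from_marimo and in_shell and CRED_PATHS.search(event["cmd"]):
        return "credential_access_via_notebook_terminal"
    return None

def scan(events):
    """Return (cmd, tag) for every event that raises an alert."""
    return [(e["cmd"], classify(e)) for e in events if classify(e)]

def version_is_fixed(version):
    """True when the installed version is at least 0.23.0 (the fixed
    release named in the advisory). Naive numeric comparison of the
    first three components; pre-release suffixes are ignored."""
    parts = tuple(int(x) for x in re.findall(r"\d+", version)[:3])
    return parts >= (0, 23, 0)

if __name__ == "__main__":
    for cmd, tag in scan(SAMPLE_EVENTS):
        print(f"ALERT {tag}: {cmd}")
```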