{"id":563,"date":"2026-04-10T13:00:01","date_gmt":"2026-04-10T13:00:01","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=563"},"modified":"2026-04-10T13:00:01","modified_gmt":"2026-04-10T13:00:01","slug":"marimo-rce-flaw-cve-2026-39987-exploited-within-10-hours-of-disclosure","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=563","title":{"rendered":"Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Apr 10, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Threat Intelligence<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>A critical security vulnerability\u00a0in <a href=\"https:\/\/docs.marimo.io\/\">Marimo<\/a>, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according\u00a0to <a href=\"https:\/\/www.sysdig.com\/blog\/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hours\">findings<\/a> from\u00a0Sysdig.<\/p>\n<p>The vulnerability in question\u00a0is <strong>CVE-2026-39987<\/strong> (CVSS score: 9.3), a pre-authenticated remote code execution vulnerability impacting all versions of Marimo prior to and including 0.20.4. 
The\u00a0issue has been addressed\u00a0in <a href=\"https:\/\/github.com\/marimo-team\/marimo\/releases\/tag\/0.23.0\">version\u00a00.23.0<\/a>.<\/p>\n<p>\u00abThe terminal WebSocket endpoint \/terminal\/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands,\u00bb Marimo maintainers <a href=\"https:\/\/github.com\/marimo-team\/marimo\/security\/advisories\/GHSA-2679-6mx9-h9xc\">said<\/a> in an advisory earlier this\u00a0week.<\/p>\n<p>\u00abUnlike other WebSocket endpoints (e.g., \/ws) that correctly call validate_auth() for authentication, the \/terminal\/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification.\u00bb<\/p>\n<p>In other words, attackers can obtain a full interactive shell on any exposed Marimo instance through a single WebSocket connection without requiring any credentials.<\/p>\n<p>Sysdig said it observed the first exploitation attempt targeting the vulnerability within 9 hours and 41 minutes of it being publicly disclosed, with a credential theft operation executed in minutes, despite there being no proof-of-concept (PoC) code available at the\u00a0time.<\/p>\n<p>The unknown threat actor behind the activity is said to have connected to the \/terminal\/ws WebSocket endpoint on a honeypot system and initiated 
manual reconnaissance to explore the file system and, minutes later, systematically attempted to harvest data from the .env\u00a0file, as well as search for SSH keys and read various\u00a0files.<\/p>\n<p>The attacker returned to the honeypot an hour later to access\u00a0the contents of\u00a0the .env\u00a0file and\u00a0check if other threat actors were active\u00a0during the time\u00a0window. No other payloads, like cryptocurrency miners or backdoors, were installed.<\/p>\n<p>\u00abThe attacker built a working exploit directly from the advisory description, connected to the unauthenticated terminal endpoint, and began manually exploring the compromised environment,\u00bb the cloud security company said. \u00abThe attacker connected four times over 90 minutes, with pauses between\u00a0sessions. This is consistent with a human operator working through a list of targets, returning to confirm findings.\u00bb<\/p>\n<p>The speed at which newly disclosed flaws\u00a0are being weaponized indicates that threat actors are\u00a0closely watching vulnerability disclosures and quickly exploiting\u00a0them in the\u00a0window between disclosure and patch\u00a0adoption. This, in turn,\u00a0has shrunk the time\u00a0in which defenders must respond once a vulnerability is publicly\u00a0announced.<\/p>\n<p>\u00abThe assumption that attackers only target widely deployed platforms is wrong. 
Any\u00a0internet-facing application with a critical advisory is a target, regardless of its popularity.\u00bb<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Apr 10, 2026Vulnerability \/ Threat Intelligence A critical security vulnerability\u00a0in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure,&hellip;<\/p>\n","protected":false},"author":1,"featured_media":564,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1166,799,128,70,582,1165,316],"class_list":["post-563","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-cve202639987","tag-disclosure","tag-exploited","tag-flaw","tag-hours","tag-marimo","tag-rce"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=563"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/563\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/564"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=563"},{"taxonomy":"post_tag","e
mbeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}