A newly disclosed vulnerability in the Marimo open-source reactive Python notebook platform is now under active exploitation, just hours after its public disclosure. Tracked as CVE-2026-39987, the flaw allows unauthenticated remote code execution via the /terminal/ws WebSocket endpoint, exposing an interactive shell without proper authentication checks.
Vulnerability Details
- Affected versions: Marimo 0.20.4 and earlier.
- Severity: Critical (CVSS 9.3).
- Root cause: The /terminal/ws endpoint exposes an interactive terminal without authentication.
- Impact: Attackers gain direct shell access with the same privileges as the Marimo process.
Exploitation in the Wild
- Timeline: Exploits observed within 10 hours of disclosure.
- Reconnaissance: 125 IPs began scanning within 12 hours.
- Attack behavior:
  - Initial validation with simple commands (pwd, whoami, ls).
  - Credential harvesting from .env files, environment variables, and SSH keys.
  - Focused on cloud credentials and application secrets.
- Operator profile: Manual, methodical attacker — not automated scripts.
- Goal: Quick credential theft rather than persistence or cryptomining.
Mitigation Guidance
- Upgrade immediately: Patch to Marimo 0.23.0.
- Restrict access: Block external connections to /terminal/ws via firewall.
- Rotate secrets: Replace any exposed credentials, especially cloud keys and SSH.
- Monitor activity: Watch for suspicious WebSocket connections and credential access attempts.
- Fallback mitigation: If upgrading isn’t possible, disable or block /terminal/ws entirely.
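The "Restrict access" and "Monitor activity" items above are easiest to act on from the web server or reverse proxy in front of Marimo. The script below is an added example, not code from the article or from the Marimo project: it parses access-log lines in the common nginx/Apache "combined" format and flags every request to /terminal/ws from an address outside a hypothetical trusted-network allow-list. HTTP status 101 is the standard "Switching Protocols" response, so a 101 on that path means the WebSocket upgrade (and therefore the terminal) was reachable; other statuses are recorded as probes. The log lines are constructed for illustration and the allow-list networks are assumptions to adjust to your environment.

```python
import ipaddress
import re

# Constructed sample access-log lines ("combined" format). These are illustrative
# only and do not come from the article or from any real Marimo deployment.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Apr/2026:09:14:02 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "Mozilla/5.0"
203.0.113.44 - - [12/Apr/2026:09:15:10 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "python-requests/2.31"
198.51.100.7 - - [12/Apr/2026:09:15:11 +0000] "GET /ws HTTP/1.1" 101 0 "-" "Mozilla/5.0"
203.0.113.44 - - [12/Apr/2026:09:16:30 +0000] "GET /terminal/ws HTTP/1.1" 403 0 "-" "curl/8.4"
"""

# Fields of the combined log format: client IP, timestamp, request line, status, UA.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Hypothetical allow-list: networks from which interactive terminal use is expected.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("127.0.0.0/8"),
]

# The endpoint named in the advisory.
TERMINAL_PATH = "/terminal/ws"


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_trusted(ip):
    """True if the client address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def find_terminal_hits(lines):
    """Return one alert per request to /terminal/ws from outside the trusted networks.

    'upgraded' is True when the server answered 101 (WebSocket handshake completed),
    which means the terminal was actually reachable from that address.
    """
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        # Strip any query string before comparing the path.
        if rec["path"].split("?", 1)[0] != TERMINAL_PATH:
            continue
        if is_trusted(rec["ip"]):
            continue
        alerts.append({
            "ip": rec["ip"],
            "time": rec["time"],
            "status": int(rec["status"]),
            "upgraded": rec["status"] == "101",
            "user_agent": rec["ua"],
        })
    return alerts


def summarize(alerts):
    """Count alerts per source IP so repeated probing from one address stands out."""
    counts = {}
    for a in alerts:
        counts[a["ip"]] = counts.get(a["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_terminal_hits(SAMPLE_LOG.splitlines())
    for h in hits:
        state = "UPGRADED" if h["upgraded"] else f"status {h['status']}"
        print(f"{h['time']}  {h['ip']:<15}  {state:<10}  {h['user_agent']}")
    print("per-source counts:", summarize(hits))
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; any entry marked UPGRADED from an untrusted source means the credentials reachable from the Marimo process should be treated as exposed and rotated, as the guidance above recommends.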
Final Thought
This incident underscores the speed at which attackers weaponize newly disclosed vulnerabilities. For open-source projects like Marimo, disclosure-to-exploitation windows are shrinking to mere hours. Organizations must adopt rapid patching, secret rotation, and proactive monitoring to defend against opportunistic credential theft.