CVE-2026-39987

Marimo Remote Code Execution Vulnerability

Marimo Marimo CWE-306

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

CVSS Score: 9.3 (Critical)
EPSS (exploit probability): 81%, riskier than 99% of all CVEs
Exploitation: confirmed in the wild; used in ransomware campaigns
Remediation: patch available; federal deadline 2026-05-07

CISA required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-05-07.

7 articles across 5 outlets · first covered Apr 10, 2026 · latest May 29, 2026