
Marimo RCE flaw exploited in active attacks

Originally published on: April 13, 2026
Summary

– Hackers began exploiting a critical vulnerability in the Marimo Python notebook platform just 10 hours after its public disclosure.
– The flaw, CVE-2026-39987, allows unauthenticated remote code execution via a WebSocket endpoint, giving attackers a full interactive shell.
– Attackers used the exploit to perform reconnaissance and steal sensitive credentials, like cloud keys and SSH files, in targeted operations.
– The vulnerability affects Marimo versions 0.20.4 and earlier, particularly when deployed as an editable notebook on a shared network.
– Developers released version 0.23.0 to fix the issue and recommend immediate upgrades or blocking the vulnerable endpoint.

A critical security flaw in the popular Marimo Python notebook platform is now under active attack, with hackers launching exploitation attempts within hours of its public disclosure. This vulnerability, identified as CVE-2026-39987, carries a critical severity rating of 9.3 and enables unauthenticated remote code execution. Attackers are leveraging it to swiftly steal sensitive credentials from exposed systems.

The issue resides in a specific WebSocket endpoint, `/terminal/ws`, which provides an interactive terminal session. Security researchers at Sysdig discovered that this endpoint lacked proper authentication controls, allowing any unauthenticated user to connect. This connection grants a full interactive shell running with the same system privileges as the Marimo application itself, creating a direct pathway for complete system compromise.

Marimo, an open-source environment favored by data scientists and developers for building interactive data applications, disclosed the flaw on April 8. The project, which boasts over 20,000 stars on GitHub, released patched version 0.23.0 to resolve the issue. The developers clarified that the vulnerability primarily impacts users who run Marimo as an editable notebook and expose it to a shared network using the `--host 0.0.0.0` configuration in edit mode.

Exploitation began with alarming speed. Sysdig’s threat intelligence team observed reconnaissance activity from 125 distinct IP addresses within the first 12 hours after disclosure. The first confirmed exploitation attempt occurred in less than ten hours, initiating a targeted credential theft operation.

The attacker’s methodology was precise. They first validated the vulnerability by connecting to the terminal endpoint and running a brief script to confirm command execution. After this quick test, they reconnected to perform manual reconnaissance, issuing basic commands to map the environment. The operator then immediately shifted focus to harvesting high-value credentials, targeting `.env` files to extract cloud credentials and application secrets, and probing for SSH keys. This entire credential access phase was completed in under three minutes.

Approximately one hour later, the same attacker returned for a second session using the same exploit sequence. Researchers characterize the activity as the work of a methodical, hands-on operator focused on stealth and specific objectives. Notably, the attacks did not involve deploying cryptominers, backdoors, or persistence mechanisms, suggesting a goal of quick, targeted data exfiltration.

All users of Marimo are urged to take immediate action. The primary recommendation is to upgrade to version 0.23.0 without delay. For those unable to upgrade immediately, a crucial mitigation is to block or disable access to the `/terminal/ws` WebSocket endpoint entirely. Furthermore, administrators should monitor for connections to this endpoint, restrict external network access to Marimo instances via firewall rules, and proactively rotate all exposed secrets and credentials that may have been accessible.
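One way to implement the monitoring step above, as an added example that is not from the article, Sysdig, or the Marimo project: it parses constructed access-log lines in combined-log style (an assumed format) and flags accepted WebSocket upgrades to `/terminal/ws` from addresses outside an explicit trusted set, while also counting blocked attempts per source so reconnaissance remains visible.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample access-log lines in combined-log style (an assumed
# format; Marimo itself may log differently). 101 = WebSocket upgrade accepted.
SAMPLE_LOG = """\
127.0.0.1 - - [13/Apr/2026:09:00:01 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "-"
203.0.113.7 - - [13/Apr/2026:09:12:44 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "-"
203.0.113.7 - - [13/Apr/2026:09:13:02 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "-"
198.51.100.9 - - [13/Apr/2026:09:20:15 +0000] "GET /terminal/ws HTTP/1.1" 403 0 "-" "-"
10.0.0.5 - - [13/Apr/2026:09:21:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TERMINAL_ENDPOINT = "/terminal/ws"

# Explicit allow-list of loopback and RFC 1918 ranges. ipaddress.is_private is
# deliberately not used: it also classes documentation ranges such as
# 203.0.113.0/24 as private, which would hide the sample attacker above.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7")]

def is_external(ip, trusted=TRUSTED_NETS):
    """True when the source address lies outside every trusted network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # unparseable source field: treat as untrusted
    return not any(addr in net for net in trusted)

def find_terminal_access(log_text, trusted=TRUSTED_NETS):
    """Return (alerts, attempts). alerts: accepted upgrades (HTTP 101) of
    /terminal/ws from external sources, as (ip, timestamp). attempts: count of
    every external hit on the endpoint, blocked ones included, for recon visibility."""
    alerts, attempts = [], Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["path"] != TERMINAL_ENDPOINT or not is_external(m["ip"], trusted):
            continue
        attempts[m["ip"]] += 1
        if int(m["status"]) == 101:
            alerts.append((m["ip"], m["ts"]))
    return alerts, attempts
```

Any alert from this check should be treated as a likely compromised host, so the credential rotation the article recommends follows directly from it.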

(Source: BleepingComputer)
