Vulnerability detail

Enriched intelligence for a single CVE

PRO Back to KEVs

9.3

CVSS
Critical

CVE-2026-39987

PUBLISHED

marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

1 day faster than CISA KEV

Exploited in the wild PoC available Remote Low complexity No user interaction

Vendor: marimo-team
Product: marimo
Published: Apr 09, 2026
EPSS: 80.7% · 99% pctl

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

python cisa nuclei_scanner

Weaknesses (CWE)

CWE-306

Missing Authentication for Critical Function

CVSS scores

CVSS v4.0 9.3 Critical

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2026-06-01 13:23:39 UTC · CVE

Proof of concept available

Recorded 2026-06-02 08:37:09 UTC · GitHub

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CVE First	2026-06-01 13:23 UTC
CISA	2026-06-02 14:01 UTC

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2026/CVE-2026-39987.yaml	Jun 01, 2026

Recent mentions

Root in One Request: Pre-Auth RCE in Marimo (CVE-2026-39987)

DarkWebInformer · May 29, 2026

CVE-2026-39987 is a critical pre-authentication remote code execution flaw in Marimo, a popular open-source reactive Python notebook framework and a modern alternative to Jupyter with roughly 19.6k GitHub stars.

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

TheHackerNews · May 29, 2026

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

jenniferreire26/CVE-2026-39987

github · Created 2026-06-02 08:37:09 UTC · 0 stars

HORKimhab/CVE-2026-39987

github · Created 2026-05-30 07:40:54 UTC · 0 stars

CVE-2026-39987 - Draft

M3PH1569/CVE-2026-39987-POC

github · Created 2026-05-24 18:00:33 UTC · 1 stars

CVE-2026-39987 Exploitation Tool - Marimo < 0.23.0 Pre-Auth RCE (WebSocket)

Timeline

CVE ID Reserved

2026-04-08 00:01 UTC
CVE Published to Public

2026-04-09 17:16 UTC
Added to KEVIntel

2026-06-01 13:23 UTC
Detected by Nuclei

2026-06-01 15:34 UTC
Proof of Concept Exploit Available

2026-06-02 08:37 UTC
KEV confirmed by CISA

2026-06-02 14:01 UTC