[{"data":1,"prerenderedAt":159},["ShallowReactive",2],{"article-slug-marimo-rce-flaw-exploited-within-hours-of-disclosure":3,"articles-index":-1},{"id":4,"slug":5,"headline":6,"title":7,"summary":8,"full_report":9,"twitter_post":10,"meta_description":11,"category":12,"severity":15,"entities":16,"cves":27,"sources":33,"events":46,"mitre_techniques":53,"mitre_mitigations":69,"d3fend_countermeasures":106,"iocs":111,"cyber_observables":112,"tags":130,"extract_datetime":134,"article_type":135,"impact_scope":136,"pub_date":144,"reading_time_minutes":145,"createdAt":134,"updatedAt":146,"updates":147},"2595f69b-f872-4641-b8a5-0cd141377ca4","marimo-rce-flaw-exploited-within-hours-of-disclosure","Marimo RCE Flaw Exploited in Under 10 Hours of Public Disclosure","Critical Marimo RCE Flaw (CVE-2026-39987) Exploited in the Wild Less Than 10 Hours After Disclosure","A critical, unauthenticated remote code execution (RCE) vulnerability in the Marimo Python notebook, CVE-2026-39987, was exploited in the wild just 9 hours and 41 minutes after its public disclosure on April 8, 2026. The flaw, which has a CVSS score of 9.3, allows an unauthenticated attacker to gain a full interactive shell on the server running the notebook. Security firm Sysdig observed an attacker developing a working exploit directly from the advisory's technical details and using it to steal credentials, demonstrating the rapidly shrinking window between vulnerability disclosure and exploitation.","## Executive Summary\n\nOn April 8, 2026, a critical remote code execution (RCE) vulnerability in **Marimo**, an open-source reactive notebook for Python, was publicly disclosed. The vulnerability, tracked as **[CVE-2026-39987](https://www.cve.org/CVERecord?id=CVE-2026-39987)**, carries a CVSS score of 9.3 and allows unauthenticated attackers to gain full system access. 
In a stark demonstration of the speed of modern attackers, security researchers at **[Sysdig](https://sysdig.com/)** detected the first in-the-wild exploitation of this flaw just 9 hours and 41 minutes after the advisory was published. The attacker successfully developed a working exploit solely from the technical description in the advisory, as no public proof-of-concept was available. This incident serves as a critical reminder for developers and security teams to patch vulnerabilities with extreme urgency.\n\n---\n\n## Vulnerability Details\n\n- **CVE ID:** CVE-2026-39987\n- **Affected Product:** Marimo (versions up to and including 0.20.4)\n- **Vulnerability Type:** Authentication Bypass leading to Remote Code Execution\n- **CVSS Score:** 9.3 (Critical)\n- **Attack Vector:** Network\n- **Authentication:** Not Required\n\nThe vulnerability exists in the `/terminal/ws` WebSocket endpoint of the Marimo application. This endpoint was intended to provide a terminal interface for authenticated users but lacked any authentication checks. As a result, any unauthenticated attacker could connect to this WebSocket and gain a full interactive PTY (pseudo-terminal) shell on the server, with the privileges of the user running the Marimo notebook.\n\n## Exploitation Status\n\nThe vulnerability was **exploited in the wild in less than 10 hours**. The Sysdig honeypot that detected the attack recorded the following sequence:\n\n1.  **Connection:** The attacker connected to the vulnerable `/terminal/ws` endpoint.\n2.  **Reconnaissance:** The attacker manually executed basic commands like `ls -la` and `pwd` to understand the file system and their current location.\n3.  
**Credential Theft:** The attacker located and exfiltrated the contents of a `.env` file and searched for SSH keys (`.ssh` directory), completing the entire credential theft operation in under three minutes.\n\nThis demonstrates a skilled attacker capable of rapid weaponization of a newly disclosed vulnerability without needing a pre-built exploit script.\n\n## Impact Assessment\n\nA successful exploit gives an attacker an interactive shell on the server running Marimo. This allows them to:\n\n-   **Execute Arbitrary Commands:** Run any command with the permissions of the Marimo user.\n-   **Steal Source Code and Data:** Access and exfiltrate proprietary code, datasets, and sensitive information stored on the server.\n-   **Steal Credentials:** Read configuration files (`.env`), SSH keys, and cloud provider credentials, enabling further lateral movement into cloud environments or other systems.\n-   **Establish Persistence:** Install backdoors, reverse shells, or cryptominers to maintain long-term access to the compromised system.\n\nThe compromise of a data science or development environment can be particularly damaging, leading to intellectual property theft and a deep compromise of an organization's infrastructure.\n\n## Cyber Observables for Detection\n\n| Type | Value | Description |\n|---|---|---|\n| url_pattern | `/terminal/ws` | Any connection to this WebSocket endpoint from an untrusted or external IP address is a strong indicator of an exploitation attempt. |\n| process_name | `python` | Monitor the Python process running the Marimo notebook for suspicious child processes like `/bin/sh`, `bash`, or other unexpected commands. |\n| network_traffic_pattern | Unexpected outbound connections from the Marimo server | After exploitation, the attacker may try to establish a reverse shell or exfiltrate data. |\n\n## Detection & Response\n\n1.  **Web Server Log Analysis:** Review web server and application logs for any connection attempts to the `/terminal/ws` URL. 
Any successful connection from an unauthorized source should be treated as a compromise.\n2.  **Process Monitoring:** Use an EDR or process auditing to monitor the Marimo process. A Python web application should not be spawning interactive shells. Alerting on this behavior can detect post-exploitation activity.\n3.  **Network Monitoring:** Analyze network traffic for connections on the port Marimo is running on. Specifically, look for WebSocket upgrade requests to the `/terminal/ws` path.\n\n**D3FEND Reference:** Detection focuses on [`D3-WSAA - Web Session Activity Analysis`](https://d3fend.mitre.org/technique/d3f:WebSessionActivityAnalysis) to spot the malicious WebSocket connection and [`D3-PA - Process Analysis`](https://d3fend.mitre.org/technique/d3f:ProcessAnalysis) to see the resulting shell.\n\n## Mitigation\n\n-   **Patch Immediately:** The primary mitigation is to update to Marimo version **0.23.0** or later, which completely removes the vulnerability. This is an urgent patching requirement.\n-   **Restrict Access:** Never expose Marimo notebook instances directly to the internet. They are development tools and should be run on a local machine or on an internal network behind a firewall and an authenticating proxy.\n-   **Firewall Rules:** If a Marimo instance must be accessible, use a firewall to restrict access to the specific port to only known, trusted IP addresses.\n\n**D3FEND Reference:** The only true fix is [`D3-SU - Software Update`](https://d3fend.mitre.org/technique/d3f:SoftwareUpdate). As a preventative measure, [`D3-NI - Network Isolation`](https://d3fend.mitre.org/technique/d3f:NetworkIsolation) ensures development tools like Marimo are not exposed to attackers in the first place.","⚡️ Unbelievable speed: A critical RCE in Marimo Python notebooks (CVE-2026-39987) was exploited in the wild just 9 hours after disclosure. Attackers built an exploit from the advisory alone. Patch NOW! 
#RCE #CyberSecurity #Exploit #Python","A critical RCE vulnerability in the Marimo Python notebook, CVE-2026-39987, was exploited less than 10 hours after public disclosure, highlighting the extreme speed of modern threat actors.",[13,14],"Vulnerability","Cyberattack","critical",[17,20,24],{"name":18,"type":19},"Marimo","product",{"name":21,"type":22,"url":23},"Sysdig","company","https://sysdig.com/",{"name":25,"type":26},"Python","technology",[28],{"id":29,"cvss_score":30,"cvss_version":31,"kev":32,"severity":15},"CVE-2026-39987",9.3,"3.1",false,[34,40],{"url":35,"title":36,"date":37,"friendly_name":38,"website":39},"https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/data/github/marimo-team/marimo/GHSA-2679-6mx9-h9xc.yml","GHSA-2679-6mx9-h9xc: Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass","2026-04-08","GitLab","gitlab.com",{"url":41,"title":42,"date":43,"friendly_name":44,"website":45},"https://thehackernews.com/2026/04/marimo-rce-flaw-cve-2026-39987.html","Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure","2026-04-10","The Hacker News","thehackernews.com",[47,50],{"datetime":48,"summary":49},"2026-04-08T00:00:00Z","The Marimo RCE vulnerability (CVE-2026-39987) is publicly disclosed.",{"datetime":51,"summary":52},"2026-04-08T09:41:00Z","Sysdig researchers observe the first in-the-wild exploitation attempt, just 9 hours and 41 minutes after disclosure.",[54,58,61,65],{"id":55,"name":56,"tactic":57},"T1190","Exploit Public-Facing Application","Initial Access",{"id":59,"name":25,"tactic":60},"T1059.006","Execution",{"id":62,"name":63,"tactic":64},"T1087.002","Domain Account","Discovery",{"id":66,"name":67,"tactic":68},"T1552.001","Credentials In Files","Credential Access",[70,80,89],{"id":71,"name":72,"d3fend_techniques":73,"description":78,"domain":79},"M1051","Update Software",[74],{"id":75,"name":76,"url":77},"D3-SU","Software 
Update","https://d3fend.mitre.org/technique/d3f:SoftwareUpdate","Immediately update Marimo to version 0.23.0 or later to eliminate the vulnerability.","enterprise",{"id":81,"name":82,"d3fend_techniques":83,"description":88,"domain":79},"M1035","Limit Access to Resource Over Network",[84],{"id":85,"name":86,"url":87},"D3-NI","Network Isolation","https://d3fend.mitre.org/technique/d3f:NetworkIsolation","Do not expose development tools like Marimo directly to the internet. Restrict access to internal networks or trusted IPs only.",{"id":90,"name":91,"d3fend_techniques":92,"description":105,"domain":79},"M1048","Application Isolation and Sandboxing",[93,97,101],{"id":94,"name":95,"url":96},"D3-DA","Dynamic Analysis","https://d3fend.mitre.org/technique/d3f:DynamicAnalysis",{"id":98,"name":99,"url":100},"D3-HBPI","Hardware-based Process Isolation","https://d3fend.mitre.org/technique/d3f:Hardware-basedProcessIsolation",{"id":102,"name":103,"url":104},"D3-SCF","System Call Filtering","https://d3fend.mitre.org/technique/d3f:SystemCallFiltering","Run development tools in containerized or isolated environments to limit the blast radius of a potential compromise.",[107,109],{"technique_id":75,"technique_name":76,"url":77,"recommendation":108,"mitre_mitigation_id":71},"The exploitation of CVE-2026-39987 within 10 hours of disclosure underscores that the only truly effective mitigation is immediate patching. Organizations using Marimo must treat the update to version 0.23.0 as an emergency change. The speed of weaponization means that traditional weekly or monthly patch cycles are no longer adequate for critical, internet-facing vulnerabilities. An automated system for identifying vulnerable software versions and deploying patches is essential. In this specific case, any Marimo instance running a version up to 0.20.4 must be updated without delay. 
This is a direct and complete countermeasure to the threat.",{"technique_id":85,"technique_name":86,"url":87,"recommendation":110,"mitre_mitigation_id":81},"This incident is a textbook case for the importance of Network Isolation for development tools. Marimo notebooks, like Jupyter or other interactive coding environments, should never be directly exposed to the public internet. They are not designed with the same security hardening as production web servers. The best practice is to run these tools on a local machine or within a private, isolated network. Any remote access should be brokered through a secure, authenticated gateway like a VPN or an authenticating proxy (e.g., Google's IAP). By implementing this 'zero-exposure' policy for development tools, organizations can ensure that even if a critical vulnerability like CVE-2026-39987 is disclosed, their instances are not reachable by attackers, rendering the vulnerability non-exploitable from the outside.",[],[113,119,124],{"type":114,"value":115,"description":116,"context":117,"confidence":118},"url_pattern","/terminal/ws","The vulnerable WebSocket endpoint in Marimo. Any inbound connection attempt to this path on a Marimo server is a direct indicator of an exploit attempt.","Web server access logs, WAF logs, NDR platforms.","high",{"type":120,"value":121,"description":122,"context":123,"confidence":118},"command_line_pattern","python -m marimo","The process running the Marimo notebook. Monitor this process for spawning unexpected child processes like shells (`sh`, `bash`) or network tools (`curl`, `wget`).","EDR logs, process monitoring tools.",{"type":125,"value":126,"description":127,"context":128,"confidence":129},"file_name",".env","The observed attacker immediately searched for and exfiltrated this file. 
Monitor for access to `.env` files by the Marimo process.","File Integrity Monitoring (FIM), EDR file access logs.","medium",[131,13,132,18,25,29,133],"RCE","Exploit","Zero-Day","2026-04-09T15:00:00.000Z","NewsArticle",{"geographic_scope":137,"industries_affected":138,"other_affected":141},"global",[139,140],"Technology","Other",[142,143],"Data Science community","Software Development community","2026-04-09",4,"2026-04-14T00:00:00Z",[148],{"update_id":149,"update_date":146,"datetime":146,"title":150,"summary":151,"sources":152},"update-1","Update 1","New reports confirm continued active exploitation of Marimo RCE (CVE-2026-39987) with updated threat intelligence.",[153,156],{"title":154,"url":155},"13th April – Threat Intelligence Report","https://research.checkpoint.com/2026/04/13/13th-april-threat-intelligence-report/",{"title":157,"url":158},"CVE-2026-39987: Unauthenticated RCE in Marimo Python Notebooks","https://securityonline.info/cve-2026-39987-unauthenticated-rce-in-marimo-python-notebooks/",1776260634302]