editorially independent. We may make money when you click on links
to our partners.
Learn More
A vulnerability in the open-source Marimo Python notebook platform is already being actively exploited, underscoring how quickly attackers can turn newly disclosed flaws into real-world attacks.
Less than 10 hours after public disclosure, threat actors developed a working exploit and began targeting exposed systems.
“Within 9 hours and 41 minutes of the vulnerability advisory’s publication, the Sysdig Threat Research Team (TRT) observed the first exploitation attempt in the wild, and a complete credential theft operation was executed in under 3 minutes,” said Sysdig researchers.
Inside the Marimo RCE Flaw
The vulnerability, tracked as CVE-2026-39987, impacts Marimo versions 0.20.4 and earlier and has been assigned a CVSS score of 9.3.
At its core, the flaw enables pre-authentication remote code execution (RCE), allowing attackers to gain full access to affected systems without needing any credentials.
While less widely deployed than other notebook platforms, Marimo is often used in data science and research environments that have direct access to cloud infrastructure, APIs, and sensitive data.
This makes successful exploitation valuable, as attackers can quickly pivot from a compromised notebook instance to broader infrastructure.
How the Vulnerability Works
The issue originates in Marimo’s /terminal/ws WebSocket endpoint, which is designed to provide users with an interactive pseudo-terminal shell through the browser.
However, unlike other WebSocket endpoints in the application, this endpoint fails to enforce authentication checks.
As a result, any remote user who can reach the endpoint can establish a connection and immediately begin executing commands on the host system.
This vulnerability is notable for its simplicity, granting attackers immediate, persistent shell access without the need for complex payloads or exploitation chains.
The advisory included sufficient detail for attackers to quickly develop a working exploit, even in the absence of a public proof-of-concept.
Observed Exploitation Activity
Sysdig researchers found that the attackers first verified the vulnerability with a simple scripted command, then moved to manual exploration of the environment.
Within minutes, they targeted files such as .env, which often contain API keys, cloud credentials, and database connection details.
These factors make the vulnerability straightforward to exploit and increase its potential blast radius.
A patch has been released for the vulnerability.
How Organizations Can Reduce Exposure
Given the speed at which this vulnerability is being exploited, organizations should take immediate steps to reduce exposure and limit potential impact.
- Patch to the latest version of Marimo and test patches before deployment in production.
- Restrict and harden access by blocking the /terminal/ws endpoint, enforcing authentication (MFA/SSO), and avoiding direct internet exposure.
- Rotate and secure credentials by auditing .env files, removing hardcoded secrets, and using centralized secret management solutions.
- Apply least privilege by running Marimo with restricted permissions and limiting access to sensitive files and resources.
- Monitor and detect suspicious activity by tracking WebSocket connections, command execution, and anomalous behavior with logging and runtime security tools.
- Segment and control network traffic by isolating notebook environments, limiting lateral movement, and enforcing egress filtering.
- Test incident response plans and use attack simulation tools.
Taking these steps can help organizations strengthen resilience and reduce exposure by limiting attack paths, improving detection, and minimizing the impact of potential compromise.
Exploitation Timelines Are Collapsing
This incident reflects a broader shift in how quickly vulnerabilities are exploited. The time between disclosure and active exploitation has narrowed, with attackers monitoring advisory feeds and using automation to rapidly develop working exploits.
In some cases, tools and AI-assisted analysis may further accelerate this process by enabling faster interpretation of technical details and reducing the effort required to weaponize newly disclosed flaws.
As exploitation timelines continue to shrink, zero trust solutions can help organizations limit exposure by continuously verifying access.
