Marimo and Sysdig: Marimo RCE Vulnerability Exploited Within 10 Hours of Public Disclosure

Critical Marimo RCE Vulnerability Exploited Within Hours of Disclosure

A severe remote code execution (RCE) vulnerability in Marimo, an open-source Python notebook platform, was actively exploited just 9 hours and 41 minutes after its public disclosure on April 8, 2026. Tracked as CVE-2026-39987 (CVSS 9.3), the flaw allows unauthenticated attackers to gain a full interactive shell on exposed instances.

The vulnerability affects Marimo versions 0.20.4 and earlier and lies in the /terminal/ws WebSocket endpoint, which lacks proper authentication checks. Unlike the platform's other endpoints, this path does not validate user sessions, so an attacker can open a persistent shell running with the privileges of the Marimo process without supplying credentials or crafting a complex payload.

Security firm Sysdig detected the first exploitation attempts using honeypot servers. The attack began with an automated script to confirm RCE, followed by a human operator manually navigating the victim’s filesystem. Within three minutes, the attacker extracted a .env file containing sensitive cloud credentials, including AWS access keys.

Notably, no public proof-of-concept (PoC) exploit existed at the time, suggesting threat actors rapidly weaponized the flaw from the details in the advisory, potentially leveraging AI to accelerate exploit development. The incident underscores a growing trend of attackers targeting niche software, not just mainstream platforms.

Marimo, used by data scientists and AI researchers, has ~20,000 GitHub stars. The patched version (0.23.0) closes the vulnerable endpoint, but organizations are advised to review logs for unauthorized access and rotate exposed credentials.

Source: https://gbhackers.com/marimo-rce-vulnerability-exploited/

marimo cybersecurity rating report: https://www.rankiteo.com/company/marimo-io

Sysdig cybersecurity rating report: https://www.rankiteo.com/company/sysdig

{
  "id": "MARSYS1776075943",
  "linkid": "marimo-io, sysdig",
  "type": "Vulnerability",
  "date": "4/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'industry': 'Technology (Data Science/AI)',
                        'name': 'Marimo',
                        'size': '~20,000 GitHub stars',
                        'type': 'Open-source software platform'}],
 'attack_vector': 'WebSocket endpoint (/terminal/ws)',
 'data_breach': {'data_exfiltration': 'Yes (.env file extracted)',
                 'file_types_exposed': ['.env'],
                 'sensitivity_of_data': 'High (cloud infrastructure access)',
                 'type_of_data_compromised': 'Cloud credentials (AWS access '
                                             'keys), environment variables'},
 'date_detected': '2026-04-08T00:00:00Z',
 'date_publicly_disclosed': '2026-04-08T00:00:00Z',
 'description': 'A severe remote code execution (RCE) vulnerability in Marimo, '
                'an open-source Python notebook platform, was actively '
                'exploited just 9 hours and 41 minutes after its public '
                'disclosure on April 8, 2026. The flaw allows unauthenticated '
                'attackers to gain a full interactive shell on exposed '
                'instances by targeting the /terminal/ws WebSocket endpoint, '
                'which lacks proper authentication checks.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'rapid exploitation',
            'data_compromised': 'AWS access keys, .env file contents',
            'operational_impact': 'Unauthorized access to sensitive '
                                  'credentials, potential cloud resource '
                                  'compromise',
            'systems_affected': 'Marimo instances (versions 0.20.4 and '
                                'earlier)'},
 'initial_access_broker': {'entry_point': '/terminal/ws WebSocket endpoint',
                           'high_value_targets': 'Cloud credentials (.env '
                                                 'files)'},
 'investigation_status': 'Ongoing (initial exploitation detected)',
 'lessons_learned': 'Attackers rapidly weaponize vulnerabilities in niche '
                    'software, even without public PoC exploits. Organizations '
                    'must prioritize patching and credential rotation for '
                    'open-source tools.',
 'motivation': 'Credential theft, potential lateral movement',
 'post_incident_analysis': {'corrective_actions': 'Endpoint authentication '
                                                  'implemented in version '
                                                  '0.23.0',
                            'root_causes': 'Lack of authentication checks on '
                                           '/terminal/ws WebSocket endpoint'},
 'recommendations': ['Upgrade to Marimo version 0.23.0 or later',
                     'Rotate all exposed credentials (e.g., AWS keys)',
                     'Review logs for unauthorized access to /terminal/ws '
                     'endpoint',
                     'Monitor for unusual activity in cloud environments',
                     'Implement stricter authentication for WebSocket '
                     'endpoints'],
 'references': [{'source': 'Sysdig'}],
 'response': {'containment_measures': 'Patch released (version 0.23.0)',
              'remediation_measures': 'Rotate exposed credentials, review logs '
                                      'for unauthorized access',
              'third_party_assistance': 'Sysdig (security firm)'},
 'title': 'Critical Marimo RCE Vulnerability Exploited Within Hours of '
          'Disclosure',
 'type': 'Remote Code Execution (RCE)',
 'vulnerability_exploited': 'CVE-2026-39987 (CVSS 9.3)'}