CVE-2026-39987
CISA KEV

Critical pre-authentication remote code execution vulnerability in Marimo, an open-source reactive Python notebook platform (~20,000 GitHub stars). The terminal WebSocket endpoint at /terminal/ws in marimo/_server/api/endpoints/terminal.py performs no authentication check, unlike the primary /ws endpoint, which invokes WebSocketConnectionValidator.validate_auth(). Any unauthenticated attacker can complete a WebSocket handshake and obtain a full interactive PTY shell that executes commands as the Marimo process user, typically root in default Docker deployments. Active exploitation was observed just 9 hours 41 minutes after the GitHub security advisory (GHSA-2679-6mx9-h9xc) was published on April 8, 2026. A threat actor operating from IP 49.207.56.74 conducted scripted PoC validation, manual filesystem reconnaissance, and targeted credential harvesting, extracting .env files containing AWS API keys. Endor Labs found that 30 of 186 internet-reachable instances (16%) accepted unauthenticated WebSocket handshakes. CISA added the CVE to KEV with a remediation deadline of April 11, 2026. Fixed in Marimo v0.23.0 (PR #9098, commit c24d4806).
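The root cause is a CWE-306 pattern: an authentication gate that exists but is applied to one WebSocket route and skipped on another. The following is an added illustration, not Marimo's code and not the fix in PR #9098; the route table, the `Handshake` model, the token sources (an `access_token` query parameter or a `session_token` cookie) and the token value are all assumptions. It shows the vulnerable route table beside the corrected one, and an `audit_routes` check a defender can run in CI so that any WebSocket route accepting an unauthenticated handshake fails the build instead of shipping.

```python
"""Uniform auth gate for WebSocket handshakes (added example, not marimo's code).

Models the missing-check defect class behind CVE-2026-39987 (CWE-306):
the same validator must run before *every* sensitive upgrade is accepted.
All names, cookie/query parameter names and the token value are assumptions.
"""
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import parse_qs

# Constructed sample secret; a real server would generate this per session.
SERVER_TOKEN = "constructed-session-token-0001"


@dataclass
class Handshake:
    """Subset of an HTTP Upgrade request that matters for the auth decision."""
    path: str
    headers: Dict[str, str] = field(default_factory=dict)  # keys lower-cased
    query: str = ""


def present_token(hs: Handshake) -> Optional[str]:
    """Extract the client's token from the query string or a cookie (assumed sources)."""
    qs = parse_qs(hs.query)
    if "access_token" in qs:
        return qs["access_token"][0]
    for part in hs.headers.get("cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session_token":  # hypothetical cookie name
            return value
    return None


def validate_auth(hs: Handshake, expected: str = SERVER_TOKEN) -> bool:
    """Constant-time comparison so the gate does not leak token bytes via timing."""
    token = present_token(hs)
    return token is not None and hmac.compare_digest(token.encode(), expected.encode())


Handler = Callable[[Handshake], str]


def kernel_ws(hs: Handshake) -> str:
    return "kernel-session"


def terminal_ws(hs: Handshake) -> str:
    return "pty-shell"  # stands in for the sensitive capability: an interactive shell


# Route table: path -> (handler, requires_auth).
VULNERABLE_ROUTES: Dict[str, Tuple[Handler, bool]] = {
    "/ws": (kernel_ws, True),
    "/terminal/ws": (terminal_ws, False),  # the defect: gate skipped on one route
}

FIXED_ROUTES: Dict[str, Tuple[Handler, bool]] = {
    "/ws": (kernel_ws, True),
    "/terminal/ws": (terminal_ws, True),   # gate applied uniformly
}


def dispatch(routes: Dict[str, Tuple[Handler, bool]], hs: Handshake) -> Tuple[int, Optional[str]]:
    """Return (status, result): 101 = upgrade accepted, 403 = rejected before accept."""
    entry = routes.get(hs.path)
    if entry is None:
        return 404, None
    handler, requires_auth = entry
    if requires_auth and not validate_auth(hs):
        return 403, None  # reject before the socket is ever accepted
    return 101, handler(hs)


def audit_routes(routes: Dict[str, Tuple[Handler, bool]]) -> List[str]:
    """Defender's check: list every WebSocket route that accepts an anonymous handshake.

    Run against the route table in CI; a non-empty result means a new ungated
    route was introduced.
    """
    ungated = []
    for path in routes:
        status, _ = dispatch(routes, Handshake(path=path))
        if status == 101:
            ungated.append(path)
    return ungated


if __name__ == "__main__":
    print("ungated (vulnerable):", audit_routes(VULNERABLE_ROUTES))  # ['/terminal/ws']
    print("ungated (fixed):", audit_routes(FIXED_ROUTES))            # []
```

The design point is that the check lives in the dispatcher, not in each handler: a handler cannot forget to call it, and `audit_routes` turns "does every route enforce auth?" into a mechanical assertion rather than a code-review hope.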
Weaknesses (CWE)
CWE-306
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-39987
- https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc
- https://github.com/marimo-team/marimo/pull/9098
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog