Marimo Vulnerability Under Active Exploit for Credential Theft
A critical pre-authentication remote code execution (RCE) vulnerability in the open-source reactive Python notebook platform, Marimo, is currently being actively exploited. Cyber Threat Intelligence reports indicate that attackers began leveraging this flaw, tracked as CVE-2026-39987, mere hours after its public disclosure. The vulnerability affects Marimo versions 0.20.4 and earlier, and has been assigned a critical severity score of 9.3 by GitHub.
According to cloud-security firm Sysdig, threat actors developed an exploit based on information from the developer's advisory and immediately deployed it in attacks aimed at credential theft. The root cause is identified as an insecure WebSocket endpoint ("/terminal/ws") that exposes an interactive terminal without adequate authentication. This allows unauthenticated clients to gain direct access to a full interactive shell, operating with the same privileges as the Marimo process.
Marimo developers released version 0.23.0 on April 9th to patch this vulnerability. The issue primarily impacts users who deployed Marimo as an editable notebook or exposed it to a shared network using the --host 0.0.0.0 flag while in edit mode. Sysdig observed significant reconnaissance activity within 12 hours of disclosure, with initial exploitation attempts targeting credential theft occurring in under 10 hours.
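The two facts a defender can act on here are the affected version range and the exposure condition (edit mode bound to all interfaces). The following is an added example, not code from the Marimo project or from Sysdig: a small audit helper that flags an installed version inside the advisory's range, flags an edit-mode server started with --host 0.0.0.0, and scans access-log lines for successful WebSocket upgrades to /terminal/ws from non-loopback clients. The log-line layout, the assumed "marimo edit ..." command-line shape, and the sample paths and addresses are all constructed for illustration.

```python
"""Defender-side audit helpers for the marimo /terminal/ws issue.

Added example, not marimo project code. Version boundaries come from the
advisory summary on this page; the log line format and the 'marimo edit'
command-line shape are assumptions for illustration.
"""
import ipaddress
import re
from typing import List, Tuple

LAST_AFFECTED = (0, 20, 4)   # page: 0.20.4 and earlier are affected
FIXED_IN = (0, 23, 0)        # page: 0.23.0 ships the patch


def parse_version(text: str) -> Tuple[int, int, int]:
    """'0.20.4' -> (0, 20, 4); a trailing pre-release tag such as '4rc1' is dropped."""
    nums: List[int] = []
    for piece in text.strip().lstrip("v").split("."):
        m = re.match(r"\d+", piece)
        if m is None:
            break
        nums.append(int(m.group()))
    nums += [0] * (3 - len(nums))
    return (nums[0], nums[1], nums[2])


def is_affected(version: str) -> bool:
    """True when the installed version is inside the affected range (<= 0.20.4)."""
    return parse_version(version) <= LAST_AFFECTED


def has_fix(version: str) -> bool:
    """True when the installed version is at or past the patched release (0.23.0)."""
    return parse_version(version) >= FIXED_IN


# Assumed command-line shape: 'marimo edit ... --host 0.0.0.0' (edit mode, all interfaces).
_HOST_ALL = re.compile(r"--host(?:=|\s+)0\.0\.0\.0(?:\s|$)")


def is_network_exposed(cmdline: str) -> bool:
    """True when an edit-mode server is bound to every interface."""
    tokens = cmdline.split()
    in_edit_mode = len(tokens) >= 2 and tokens[0].endswith("marimo") and tokens[1] == "edit"
    return in_edit_mode and _HOST_ALL.search(cmdline) is not None


def audit(version: str, cmdline: str) -> List[str]:
    """Return the findings a defender would act on for one host."""
    findings: List[str] = []
    if is_affected(version):
        findings.append(f"marimo {version} is in the affected range (<= 0.20.4); upgrade to 0.23.0 or later")
    elif not has_fix(version):
        findings.append(f"marimo {version} predates the 0.23.0 fix; confirm against the advisory")
    if is_network_exposed(cmdline):
        findings.append("edit server bound to 0.0.0.0: reachable from the shared network")
    return findings


# Constructed access-log layout (not real telemetry): timestamp client method path status
_LOG = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def terminal_ws_upgrades(lines: List[str]) -> List[Tuple[str, str]]:
    """(timestamp, client) for each completed WebSocket upgrade (HTTP 101) to /terminal/ws
    from a non-loopback client. Loopback hits are the operator's own browser and are skipped."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        m = _LOG.match(line)
        if m is None:
            continue
        ts, client, _method, path, status = m.groups()
        if path.split("?")[0] != "/terminal/ws" or status != "101":
            continue
        try:
            if ipaddress.ip_address(client).is_loopback:
                continue
        except ValueError:
            pass  # unparsable client field: keep it, it is worth a look
        hits.append((ts, client))
    return hits


# Constructed sample lines; paths and addresses are illustrative only.
SAMPLE_LOG = [
    "2026-04-10T02:58:11Z 127.0.0.1 GET /terminal/ws 101",     # operator's own session
    "2026-04-10T03:12:44Z 192.0.2.45 GET /terminal/ws 101",    # a LAN client opened a terminal
    "2026-04-10T03:12:45Z 192.0.2.45 GET /api/status 200",     # unrelated request, ignored
    "2026-04-10T03:13:02Z 198.51.100.9 GET /terminal/ws 403",  # refused upgrade, not counted
]

if __name__ == "__main__":
    for f in audit("0.20.4", "marimo edit notebook.py --host 0.0.0.0 --port 2718"):
        print("FINDING:", f)
    for ts, client in terminal_ws_upgrades(SAMPLE_LOG):
        print(f"terminal opened over the network by {client} at {ts}")
```

The log scan keys on the 101 status because a completed upgrade, not a mere request, is what yields a shell; on an unpatched host any such hit from a non-loopback address deserves the same credential-rotation response the article implies.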
What This Means For You
- Rated critical severity: prioritize patching or mitigation.
- New vulnerability disclosed: verify whether your stack is exposed.
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | Telegram |
| Channel | Cyber Threat Intelligence |
| Published | April 12, 2026 at 17:34 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.