External risk intelligence

Marimo could allow an external attacker to take full control of the server.

CVE advisoryKnown Exploit

CVE-2026-39987

An external attacker can exploit Marimo to bypass security controls and gain full control of the server. This allows them to run unauthorized commands, access sensitive data, and potentially compromise the broader company network.

2Halo Surface Signal

Missing Authentication

Coreweave Marimo

before 0.23.0

External exposure likelihood

Halo Surface Signal score for CVE-2026-39987

Marimo is a reactive Python notebook environment intended for internal data analysis and development rather than public-facing applications. While it includes web and WebSocket endpoints that could be reachable if exposed, such instances are typically kept behind internal networks or access controls, making widespread public internet exposure uncommon.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Horizon Alert

Summary of the vulnerability and why it matters

Marimo, a reactive Python notebook, has a critical vulnerability that allows unauthenticated attackers to gain shell access and run arbitrary commands. This issue arises because a specific web endpoint does not properly validate user authentication before allowing connections.

  • Allows remote code execution.
  • Affects unauthenticated users.
  • Impacts Marimo notebook environments.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this vulnerability by sending unauthenticated requests to the `/terminal/ws` endpoint of a vulnerable Marimo instance. This allows them to establish a WebSocket connection and gain a full PTY shell, enabling the execution of arbitrary system commands on the server.

  • No authentication required.
  • Targets WebSocket endpoint.
  • Unauthenticated remote code execution.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability presents a significant risk due to its pre-authentication nature and the ability to achieve remote code execution, granting an attacker a full PTY shell. Although the affected product, Marimo, is typically used in development or internal environments, the direct exploitation path makes it attractive. Attackers are drawn to vulnerabilities that bypass authentication and offer immediate system control.

  • KEV listed: Yes
  • Exploitation observed: Publicly documented
  • Recency signal: Within last 6 months

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize immediate patching of Marimo to version 0.23.0 or later to fix the critical pre-authentication RCE vulnerability. If patching is delayed, isolate affected services to prevent exploitation, and rigorously monitor network traffic for suspicious WebSocket connections to the `/terminal/ws` endpoint. Confirm successful deployment of the patch or the effectiveness of isolation measures.

  • Patch Marimo to version 0.23.0+.
  • Isolate affected Marimo instances.
  • Monitor for `/terminal/ws` connections.

Frequently asked questions

What is marimo and its primary use?

Marimo is a reactive Python notebook that enables users to write and execute code within a web-based interface. It is commonly employed for data analysis, creating visualizations, and building interactive applications.

What is CVE-2026-39987 and its impact on marimo?

CVE-2026-39987 is a critical pre-authentication remote code execution vulnerability. It allows an unauthenticated attacker to gain a full PTY shell and execute arbitrary system commands on a vulnerable Marimo server.

How can an attacker exploit CVE-2026-39987 in marimo?

An attacker can exploit this vulnerability by sending unauthenticated requests to the `/terminal/ws` endpoint. This bypasses the necessary authentication validation, allowing the attacker to establish a WebSocket connection and gain control of the server.

What is the significance of CVE-2026-39987 for security teams?

This vulnerability is significant due to its pre-authentication nature and the direct path to remote code execution, granting attackers shell access without needing credentials. While marimo is often used internally, the ease of exploitation makes it a target.

What steps should be taken to mitigate the risk of CVE-2026-39987?

The primary mitigation is to update marimo to version 0.23.0 or later. If immediate patching is not possible, isolating the affected Marimo services and closely monitoring network traffic for suspicious activity on the `/terminal/ws` endpoint are recommended.

References

Sources and related resources

Primary sources: NVD, CVE.org, CISA KEV.

NVDPublished Modified