CVE-2026-39987: Marimo RCE exploited in hours after disclosure

2026-4-11 09:44:44 Author: securityaffairs.com
A critical flaw, tracked as CVE-2026-39987, in the open-source Python notebook tool Marimo was exploited within 10 hours of disclosure.

A critical flaw in Marimo, tracked as CVE-2026-39987 (CVSS score of 9.3), was exploited just 10 hours after its disclosure on April 8, 2026. The Sysdig Threat Research Team observed exploitation of the Marimo flaw within 9 hours and 41 minutes of disclosure, with credential theft completed in under 3 minutes, despite no public exploit code being available.

Marimo is an open-source Python notebook tool used for data science, analysis, and interactive coding.

The bug allows pre-authentication (unauthenticated) remote code execution and affects versions up to 0.20.4. Version 0.23.0 addressed the issue.

“Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands,” reads the advisory. “Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification.”

According to Sysdig, the attackers built the exploit directly from the advisory text, showing both speed and skill. The case highlights how threat actors now monitor even niche software and may use AI to rapidly develop exploits, accelerating attacks beyond previous cases such as Langflow.

“Within 9 hours and 41 minutes of the vulnerability advisory’s publication, the Sysdig Threat Research Team (TRT) observed the first exploitation attempt in the wild, and a complete credential theft operation was executed in under 3 minutes. No public proof-of-concept (PoC) code existed at the time. The attacker built a working exploit directly from the advisory description, connected to the unauthenticated terminal endpoint, and began manually exploring the compromised environment,” reads the report published by Sysdig. “This also recently happened with a Langflow flaw (CVE-2026-33017), where, with no public exploit, the vulnerability was exploited within 20 hours. This marimo vulnerability exploitation cuts that time in less than half.”

What makes this case notable is that Marimo is a relatively niche tool, with approximately 20k GitHub stars, far smaller than platforms like Langflow or n8n. Despite this, the Sysdig Threat Research Team observed rapid exploitation, indicating that attackers monitor advisories broadly and can weaponize flaws within hours, likely aided by AI. Honeypots confirmed how quickly an attacker moved from access to credential theft within minutes.

“Over the first 12 hours following advisory publication, we recorded exploit activity from one source IP targeting our honeypot fleet. An additional 125 unique IPs conducted reconnaissance (port scanning, HTTP probing), but only one progressed to actual exploitation of the WebSocket terminal vulnerability,” continues the Sysdig report.
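The recon-versus-exploitation split Sysdig describes is straightforward to surface from reverse-proxy logs in front of a notebook server. The following is an added example, not code from Sysdig or the Marimo project: it assumes a constructed proxy log format that records the Upgrade header and whether an auth token was presented, and it flags completed WebSocket upgrades to /terminal/ws that carry no token, which is the request a patched Marimo rejects. All IPs and tokens in the sample are constructed.

```python
import re
from collections import defaultdict

# Assumed (constructed) reverse-proxy log format:
# <ip> [<timestamp>] "<method> <path> HTTP/x.y" <status> upgrade="<Upgrade hdr>" auth="<token or ->"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) upgrade="(?P<upgrade>[^"]*)" auth="(?P<auth>[^"]*)"$'
)

# Constructed sample: HTTP probing from one IP, an unauthenticated terminal
# WebSocket upgrade from another, and a legitimate authenticated /ws session.
SAMPLE_LOG = """\
203.0.113.7 [08/Apr/2026:14:02:11 +0000] "GET / HTTP/1.1" 200 upgrade="-" auth="-"
203.0.113.7 [08/Apr/2026:14:02:12 +0000] "GET /api/version HTTP/1.1" 200 upgrade="-" auth="-"
198.51.100.9 [08/Apr/2026:14:05:40 +0000] "GET /terminal/ws HTTP/1.1" 101 upgrade="websocket" auth="-"
10.0.0.5 [08/Apr/2026:14:06:02 +0000] "GET /ws HTTP/1.1" 101 upgrade="websocket" auth="tok_REDACTED"
"""

def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def classify(rec):
    """Label one parsed request.
    'exploit': a completed (101) WebSocket upgrade to /terminal/ws with no auth token.
    'recon':   any other request made without a token (probing, scanning).
    'ok':      traffic that presented a token."""
    if rec["auth"] != "-":
        return "ok"
    if (rec["path"] == "/terminal/ws" and rec["status"] == "101"
            and rec["upgrade"].lower() == "websocket"):
        return "exploit"
    return "recon"

def summarize(log_text):
    """Return {ip: {'exploit': n, 'recon': n, 'ok': n}} over all parseable lines."""
    counts = defaultdict(lambda: {"exploit": 0, "recon": 0, "ok": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[rec["ip"]][classify(rec)] += 1
    return dict(counts)

def exploiting_ips(log_text):
    """IPs that went beyond probing to an unauthenticated terminal session."""
    return sorted(ip for ip, c in summarize(log_text).items() if c["exploit"])

if __name__ == "__main__":
    for ip, c in summarize(SAMPLE_LOG).items():
        print(ip, c)
    print("exploitation sources:", exploiting_ips(SAMPLE_LOG))
```

Because the check keys on the endpoint and the missing token rather than on a CVE signature, it also catches the same request against a server whose version you have not yet inventoried.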

The attack pattern points to a methodical human operator rather than automation. The attacker first validated the flaw with a scripted PoC, then manually accessed systems, focusing on stealing .env credentials and SSH keys without deploying persistence or malware. Multiple sessions over 90 minutes suggest hands-on activity across targets.

According to the Sysdig Threat Research Team, this reflects a broader trend: exploitation now happens within hours of disclosure. Even niche software like Marimo was quickly targeted, proving attackers monitor all advisories and may leverage AI to build exploits fast.

For defenders, this means that no software is “too small” to be attacked, that detailed advisories can aid attackers, that CVE-signature-based detection may miss threats, and that interactive shells enable faster, deeper post-exploitation.

The report includes indicators of compromise (IoCs) for these attacks.

Pierluigi Paganini


Source: https://securityaffairs.com/190623/hacking/cve-2026-39987-marimo-rce-exploited-in-hours-after-disclosure.html