A threat actor built an exploit for a critical-severity vulnerability in Marimo and started using it in attacks roughly nine hours after the bug’s public disclosure, cloud security firm Sysdig reports.
Marimo is an open source reactive notebook for Python designed to ensure that code, outputs, and program state remain consistent. It has approximately 20,000 stars on GitHub.
On April 8, the platform’s maintainers disclosed CVE-2026-39987 (CVSS score of 9.3), an unauthenticated remote code execution (RCE) flaw rooted in the lack of authentication validation in the terminal WebSocket endpoint.
An attacker who can reach the endpoint without any credentials obtains a full interactive shell on the host, i.e. arbitrary command execution with the privileges of the Marimo process.
“Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification,” Marimo’s maintainers explain.
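The condition the maintainers describe can be verified without touching the terminal at all: send a bare RFC 6455 upgrade request to /terminal/ws carrying no cookie, token or Authorization header and see whether the server completes the handshake. The stdlib-only Python script below is an added example written for this page, not code from Marimo or Sysdig. It assumes a default port of 2718 (pass your own host and port), sends only the handshake and closes the socket immediately. A completed 101 with no credentials is exactly the defect in the advisory; a refusal does not by itself prove the instance is patched, since the advisory notes the endpoint also refuses when the running mode or platform does not support the terminal.

```python
import base64
import hashlib
import os
import socket
import ssl
from typing import Tuple

# RFC 6455 GUID used to derive Sec-WebSocket-Accept from Sec-WebSocket-Key.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

# Endpoint the Marimo advisory names as skipping validate_auth().
TERMINAL_WS_PATH = "/terminal/ws"


def expected_accept(key: str) -> str:
    """Sec-WebSocket-Accept a conforming server must return for the given key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_upgrade_request(host: str, path: str) -> Tuple[bytes, str]:
    """Bare WebSocket upgrade: deliberately no cookie, token or Authorization.

    If the server still answers 101 to this request, the endpoint is reachable
    by anyone who can open a TCP connection to it.
    """
    key = base64.b64encode(os.urandom(16)).decode("ascii")
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}",
        "Upgrade: websocket",
        "Connection: Upgrade",
        f"Sec-WebSocket-Key: {key}",
        "Sec-WebSocket-Version: 13",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii"), key


def classify_response(raw: bytes, key: str) -> str:
    """Map the HTTP response to one of three outcomes.

    'unauthenticated-upgrade': 101 with a correct Sec-WebSocket-Accept, i.e. the
        terminal WebSocket was established with no credentials at all.
    'refused': any non-101 status (an auth rejection, or e.g. 404 when the
        terminal feature is unavailable in the running mode).
    'malformed': not a parseable HTTP response, or a 101 that fails the
        RFC 6455 accept check and is therefore not a real WebSocket.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1", errors="replace")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        return "malformed"
    try:
        status = int(parts[1])
    except ValueError:
        return "malformed"
    if status != 101:
        return "refused"
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    if headers.get("sec-websocket-accept") != expected_accept(key):
        return "malformed"
    return "unauthenticated-upgrade"


def check_terminal_ws(host: str, port: int, use_tls: bool = False,
                      path: str = TERMINAL_WS_PATH, timeout: float = 5.0) -> str:
    """Send the credential-less handshake to a live instance and classify it.

    Only the handshake is sent; no terminal input is ever written and the
    socket is closed as soon as the response headers arrive. Run this only
    against instances you are authorised to test.
    """
    request, key = build_upgrade_request(host, path)
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        if use_tls:
            sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
        sock.sendall(request)
        raw = b""
        while b"\r\n\r\n" not in raw and len(raw) < 65536:
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    finally:
        sock.close()
    return classify_response(raw, key)


if __name__ == "__main__":
    import sys
    if len(sys.argv) >= 3:  # usage: script.py HOST PORT [--tls]
        host, port = sys.argv[1], int(sys.argv[2])
        verdict = check_terminal_ws(host, port, use_tls="--tls" in sys.argv)
        print(f"{host}:{port}{TERMINAL_WS_PATH} -> {verdict}")
    else:
        # Offline demo on constructed responses (not captured from any server).
        key = "dGhlIHNhbXBsZSBub25jZQ=="
        upgraded = (b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
                    b"Sec-WebSocket-Accept: " + expected_accept(key).encode() + b"\r\n\r\n")
        refused = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
        print("constructed 101 ->", classify_response(upgraded, key))
        print("constructed 403 ->", classify_response(refused, key))
```

The script validates Sec-WebSocket-Accept against the key it sent, so a proxy or error page that happens to return 101 is not mistaken for an open terminal. For the in-code fix itself, the advisory's own description is the recipe: the handler for /terminal/ws must call the same validate_auth() check the /ws endpoint already performs before accepting the connection, with the mode and platform checks kept in addition to, not instead of, that call.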
According to Sysdig, the first exploitation of the bug was observed 9 hours and 41 minutes after the advisory was published. Although no proof-of-concept (PoC) had been published, the attacker created a functional exploit and used it to steal credentials.
“The attacker built a working exploit directly from the advisory description, connected to the unauthenticated terminal endpoint, and began manually exploring the compromised environment,” Sysdig notes.
The cybersecurity firm says it has observed exploitation activity from a single IP address, but an additional 125 addresses were involved in reconnaissance operations, such as port scanning and HTTP probing.
As part of the attack caught by a Sysdig honeypot, the threat actor connected to the vulnerable terminal WebSocket endpoint, performed manual reconnaissance two minutes later, and returned six minutes later to exfiltrate credential-containing files.
Furthermore, the attacker was seen attempting to read every file in the targeted directory and searching for SSH keys. The entire operation, Sysdig says, was over within three minutes.
All Marimo releases up to version 0.20.4 are affected by CVE-2026-39987. Users are advised to update to version 0.23.0 or newer, which contains patches for the bug.