Critical Marimo Python Notebook RCE Vulnerability (CVE-2026-39987) Exploited Within 10 Hours of Disclosure - Rescana

Cybersecurity Incident Analysis Apr 1, 2026 4 min read ← All posts Critical Marimo Python Notebook RCE Vulnerability (CVE-2026-39987) Exploited Within 10 Hours of Disclosure Executive Summary A critical remote code execution (RCE) vulnerability, CVE-2026-39987, has been identified in Marimo, an open-source reactive Python notebook platform. This flaw, which carries a CVSS score of 9.3, enables unauthenticated attackers to gain full shell access to affected systems via a misconfigured WebSocket endpoint. Notably, exploitation in the wild was observed less than 10 hours after public disclosure, underscoring the urgency and severity of the threat. This advisory provides a comprehensive technical analysis of the vulnerability, details on threat actor tactics, exploitation evidence, victimology, and actionable mitigation guidance. Immediate patching and forensic review are strongly recommended for all organizations running vulnerable versions of Marimo. Threat Actor Profile The initial exploitation of CVE-2026-39987 was attributed to opportunistic threat actors rather than a known advanced persistent threat (APT) group. Analysis of the attack timeline and behavior indicates that the actors were highly responsive to public disclosures, leveraging technical details from advisories to construct working exploits in real time. The observed activity was manual and exploratory, with attackers focusing on credential harvesting and reconnaissance rather than deploying automated payloads or persistent malware. This rapid exploitation cycle is consistent with the broader trend of cybercriminals and security researchers racing to weaponize newly disclosed vulnerabilities, particularly those affecting internet-exposed development tools and platforms. Technical Analysis of Malware/TTPs The vulnerability resides in the /terminal/ws WebSocket endpoint of Marimo. Unlike other endpoints, such as /ws, which invoke the validate_auth() function to enforce authentication, /terminal/ws omits this critical check. As a result, any remote user can establish a WebSocket connection and obtain a fully interactive pseudo-terminal (PTY) shell on the underlying host system. This shell provides the attacker with the ability to execute arbitrary system commands with the privileges of the Marimo process. The technical root cause is a classic case of CWE-306: Missing Authentication for Critical Function. The endpoint only verifies the running mode and platform support, failing to restrict access based on user credentials or session state. This oversight exposes the host to complete compromise, including the potential for lateral movement, data exfiltration, and further post-exploitation activities. During observed attacks, threat actors connected to the vulnerable endpoint and performed manual reconnaissance. Actions included reading environment configuration files (such as .env), searching for SSH private keys, and exploring the file system for sensitive data. No evidence of automated malware deployment, cryptominers, or persistent backdoors was found in the initial wave of exploitation. The attackers’ tactics, techniques, and procedures (TTPs) mapped to the following MITRE ATT&CK techniques: T1190 (Exploit Public-Facing Application) for initial access, T1552 (Unsecured Credentials) for credential harvesting, and T1083 (File and Directory Discovery) for system exploration. A proof-of-concept exploit was rapidly developed based on the public advisory, demonstrating the ease with which attackers could weaponize the flaw. The exploit leverages the websocket Python library to connect to the vulnerable endpoint, send shell commands, and receive output, effectively granting remote shell access without authentication. Exploitation in the Wild Exploitation of CVE-2026-39987 was first observed by the Sysdig Threat Research Team less than 10 hours after the vulnerability’s public disclosure. Attackers scanned for internet-exposed Marimo instances and established WebSocket connections to the /terminal/ws endpoint. Over a 90-minute window, four distinct connections were recorded, each exhibiting manual operator behavior rather than automated scanning or exploitation. The attackers’ primary objectives were reconnaissance and credential theft. They accessed .env files, which often contain sensitive environment variables such as database credentials, API keys, and secret tokens. Additionally, they searched for SSH private keys, which could facilitate further lateral movement or unauthorized access to other systems. No evidence was found of secondary payloads, such as cryptominers or ransomware, in the initial attacks. The focus on credential harvesting suggests that the attackers intended to monetize access or sell credentials on underground forums. The rapid exploitation timeline highlights the shrinking window between vulnerability disclosure and active attacks, even for niche platforms like Marimo. Organizations running internet-exposed development tools must prioritize rapid patching and proactive monitoring to mitigate such threats. Victimology and Targeting The primary targets of this exploitation campaign were organizations and individuals running vulnerable versions of Marimo (prior to 0.23.0) with the /terminal/ws endpoint exposed to the internet. Marimo is commonly used by data scientists, researchers, and developers for interactive Python workflows, making academic institutions, research labs, and technology companies the most likely victims. Analysis of attack telemetry indicates that the threat actors did not discriminate based on geography or industry vertical; rather, they opportunistically targeted any accessible instance. The lack of automated payloads or persistent malware suggests that the attackers were focused on harvesting credentials and sensitive data for later use or resale. Organizations with weak perimeter controls, insufficient network segmentation, or inadequate monitoring were at heightened risk. Mitigation and Countermeasures Immediate action is required to mitigate the risk posed by CVE-2026-39987. All organizations running Marimo must upgrade to version 0.23.0 or later, which includes the necessary authentication checks for the /terminal/ws endpoint. Administrators should audit server logs for unauthorized access attempts to this endpoint, particularly unauthenticated WebSocket connections from external IP addresses. A comprehensive review of potentially compromised credentials is essential. This includes checking for unauthorized access to .env files, SSH private keys, and other sensitive artifacts. If compromise is suspected, rotate all affected credentials and keys, and consider conducting a full forensic investigation to assess the scope of the breach. Additional countermeasures include restricting network access to Marimo instances using firewalls or VPNs, enforcing strong authentication and access controls, and monitoring for anomalous activity on development and research infrastructure. Regular vulnerability scanning and prompt application of security patches are critical to reducing exposure to rapidly exploited flaws. References NVD CVE-2026-39987, The Hacker News – Marimo RCE Flaw Exploited Within 10 Hours, Sysdig Blog – Marimo OSS Python Notebook RCE: From Disclosure to Exploitation in Under 10 Hours, GitHub Security Advisory GHSA-2679-6mx9-h9xc, Patch Commit, Reddit InfoSecNews Thread, Pentest-Tools Advisory About Rescana Rescana delivers advanced third-party risk management (TPRM) solutions, empowering organizations to continuously monitor, assess, and mitigate cyber risks across their digital supply chain. Our platform leverages real-time threat intelligence, automated risk scoring, and actionable insights to help security teams stay ahead of emerging threats and regulatory requirements. For more information or to discuss how Rescana can support your cybersecurity program, we are happy to answer questions at ops@rescana.com. Cybersecurity Incident Analysis Recent Posts See All → Apr 1, 2026 Hims & Hers Zendesk Data Breach 2026: Okta SSO Compromise Exposes Sensitive Customer Support Information Mar 26, 2026 For retailers: Suppliers of POS, OMS and CRM systems are not ‘Third Party’, they are actually ‘Teammates’ Mar 18, 2026 Outpost24 C-Suite Spearphishing Incident: Analysis of 7-Stage Social Engineering Attack in March 2026