Marimo Vulnerability Exploited Within Hours of Public Disclosure

Attackers began exploiting a critical unauthenticated remote code execution flaw in the Marimo Python notebook platform just ten hours after its public disclosure. Tracked as CVE-2026-39987 with a critical severity score of 9.3, the vulnerability affects versions 0.20.4 and earlier and stems from a WebSocket endpoint that exposes an interactive terminal without proper authentication checks. The flaw impacts users who deploy Marimo as an editable notebook that is exposed to a shared network through its host configuration.

Within twelve hours of disclosure, 125 IP addresses initiated reconnaissance activity, followed by the first exploitation attempt aimed at credential theft. Attackers connected to the vulnerable endpoint, validated remote command execution, then conducted manual reconnaissance using basic commands before targeting environment variable files for cloud credentials and application secrets. The entire credential access phase completed in under three minutes, and a second exploitation session occurred roughly an hour later.

Sysdig researchers characterized the attacker as a methodical operator using hands-on techniques rather than automated scripts, focusing on high-value objectives without installing persistence or backdoors. Marimo released version 0.23.0 on April 8 to address the flaw in a project with approximately 20,000 GitHub stars worth of deployments. Users are urged to upgrade immediately, monitor WebSocket connections to the vulnerable endpoint, restrict external access via firewalls, and rotate any exposed secrets. For those unable to upgrade, blocking access to the terminal endpoint entirely serves as an effective mitigation.
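The two checks a defender would want from the advice above are an affected-version test and a scan of proxy access logs for WebSocket connections to the terminal endpoint from outside trusted networks. The script below is an added example written for this article; it is not Sysdig's or the Marimo project's code. The terminal endpoint path (`TERMINAL_ENDPOINT`), the combined-format access log layout, the trusted network ranges and the sample log lines are all assumptions or constructed values, so substitute the real endpoint path from the advisory and your own networks before use.

```python
"""Defender-side checks for the Marimo terminal-endpoint exposure (added example).

Assumptions, not from the article:
  * TERMINAL_ENDPOINT is a PLACEHOLDER for the real WebSocket terminal path.
  * Access logs are in Apache/nginx "combined" format.
  * TRUSTED_NETWORKS lists the ranges that may legitimately reach the notebook.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

TERMINAL_ENDPOINT = "/terminal/ws"   # PLACEHOLDER: replace with the actual endpoint path
LAST_VULNERABLE = (0, 20, 4)         # article: versions 0.20.4 and earlier are affected
FIXED_VERSION = "0.23.0"             # article: fix released in 0.23.0

# Assumption: adjust to the networks that should be allowed to reach the notebook.
TRUSTED_NETWORKS = [ip_network(n) for n in
                    ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Combined log format: ip ident user [ts] "METHOD PATH PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_version(version: str) -> tuple:
    """Turn '0.20.4' into (0, 20, 4) so versions compare numerically, not lexically."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in m.groups())


def is_vulnerable(version: str) -> bool:
    """True when the installed Marimo version is 0.20.4 or earlier."""
    return parse_version(version) <= LAST_VULNERABLE


def is_external(ip: str) -> bool:
    """True when the source address is outside every trusted network."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return True  # an unparseable source field is treated as untrusted
    return not any(addr in net for net in TRUSTED_NETWORKS)


@dataclass
class Finding:
    ip: str
    ts: str
    path: str
    status: str      # "101" means the WebSocket upgrade completed
    external: bool


def scan_access_log(lines) -> list:
    """Return every request that touched the terminal endpoint, flagged by source."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        if not path.startswith(TERMINAL_ENDPOINT):
            continue
        findings.append(Finding(m["ip"], m["ts"], path, m["status"], is_external(m["ip"])))
    return findings


# Constructed sample log lines (not real traffic): one external and one internal
# terminal WebSocket upgrade, plus two unrelated requests that must be ignored.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2026:03:14:07 +0000] "GET /terminal/ws?session=abc HTTP/1.1" 101 0 "-" "python-websockets/12.0"',
    '10.0.0.5 - - [01/Jan/2026:03:15:22 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [01/Jan/2026:03:14:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '198.51.100.7 - - [01/Jan/2026:03:20:44 +0000] "GET /api/status HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        tag = "EXTERNAL" if f.external else "internal"
        print(f"{tag:8} {f.ip:15} {f.ts} {f.path} status={f.status}")
    print("0.20.4 vulnerable:", is_vulnerable("0.20.4"), "|", FIXED_VERSION, "vulnerable:", is_vulnerable(FIXED_VERSION))
```

Any `EXTERNAL` line with status `101` is a completed terminal WebSocket handshake from outside the allowed ranges and is the event worth alerting on; a non-101 status still shows that the endpoint was reached and is useful for the reconnaissance phase described above. The version check uses numeric tuples rather than string comparison so that `0.9.0` is correctly treated as older than `0.20.4`.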
