In a swift turn of events, a serious vulnerability in the Marimo open-source reactive Python notebook platform has been actively exploited. Just ten hours after the flaw was publicly disclosed, attackers began taking advantage of this remote code execution vulnerability, which does not require authentication. This vulnerability, identified as CVE-2026-39987, affects Marimo versions 0.20.4 and earlier and has been given a critical severity score of 9.3 out of 10 by GitHub.

Researchers from Sysdig, a cloud security firm, reported that attackers crafted an exploit using details from the developer's advisory and launched attacks that targeted sensitive information. Marimo, a platform popular among data scientists and developers, disclosed this flaw on April 8, followed by the release of version 0.23.0 to address the issue. The vulnerability stems from the WebSocket endpoint '/terminal/ws' which exposes an interactive terminal without proper authentication, thus allowing unauthorized access.

Within 12 hours of the vulnerability's disclosure, 125 IP addresses were observed engaging in reconnaissance activities. Less than 10 hours later, the first attempt to exploit the vulnerability for credential theft was detected. Attackers validated the vulnerability through the WebSocket endpoint and quickly moved to extract valuable data such as cloud credentials and application secrets from environment files.

The attack was characterized by a methodical approach, focusing on extracting high-value credentials without deploying persistent threats like cryptominers or backdoors. This indicates a strategic, stealthy operation aimed at quick data exfiltration. Users of Marimo are urged to upgrade to version 0.23.0 immediately, monitor WebSocket connections, restrict external network access, and rotate any potentially exposed credentials. For those unable to upgrade, blocking or disabling access to the '/terminal/ws' endpoint is recommended.