A recently disclosed vulnerability in the Marimo open-source Python notebook platform is under active exploitation, posing a significant threat to users. The flaw, identified as CVE-2026-39987, allows remote code execution without requiring authentication in versions 0.20.4 and earlier. Rated as critical with a severity score of 9.3, this vulnerability exposes the WebSocket endpoint '/terminal/ws,' permitting unauthorized access to an interactive terminal.
Just hours after the vulnerability was made public, attackers began exploiting it to exfiltrate sensitive information. The team at Sysdig, a cloud-security company, observed that attackers leveraged the developer's advisory to craft an exploit, leading to immediate attempts to steal credentials. The platform, popular among data scientists, machine learning practitioners, and developers, boasts over 20,000 GitHub stars and 1,000 forks, making it a notable target.
The attack sequence involved validating the vulnerability, followed by manual reconnaissance using basic commands. The attackers focused on extracting environment variables, including cloud credentials and application secrets from the .env file, and probed for SSH keys. This phase of the attack was executed swiftly, completing in under three minutes, indicating a methodical and hands-on approach rather than automated scripts.
Marimo has responded by releasing version 0.23.0 to patch the vulnerability. Users are urged to upgrade immediately, monitor WebSocket connections, restrict external access with firewalls, and rotate any exposed secrets. For those unable to upgrade, blocking or disabling access to the '/terminal/ws' endpoint is recommended as a mitigation measure.


