In a swift turn of events, hackers have begun exploiting a critical vulnerability in the Marimo open-source reactive Python notebook platform. This flaw, identified as CVE-2026-39987, allows for remote code execution without the need for authentication, affecting Marimo versions 0.20.4 and earlier. GitHub has rated this security issue with a severity score of 9.3 out of 10, underscoring its potential impact.
The vulnerability originates from the WebSocket endpoint '/terminal/ws,' which exposes an interactive terminal without proper authentication checks. This oversight grants unauthorized users access to a fully interactive shell with the same privileges as the Marimo process. Within just hours of the flaw's disclosure, attackers began leveraging it to extract sensitive information.
Marimo, a popular tool among data scientists, machine learning practitioners, and developers, released version 0.23.0 on April 8 to address this issue. The developers have advised that the vulnerability particularly affects users who deployed Marimo as an editable notebook and those exposing it to a shared network.
According to cloud-security firm Sysdig, reconnaissance activity from 125 different IP addresses was detected within 12 hours of the vulnerability's disclosure. The first exploitation attempt, aimed at credential theft, occurred less than 10 hours after the flaw was made public. The attackers executed a series of commands to validate and exploit the vulnerability, quickly harvesting credentials such as cloud credentials and application secrets from the .env file.
The attackers, described as methodical operators, did not attempt to install persistent threats such as cryptominers or backdoors, indicating a focus on stealth and speed. Marimo users are strongly encouraged to upgrade to version 0.23.0 immediately, monitor WebSocket connections, and take additional protective measures such as restricting external access and rotating exposed secrets.


