Pre-Authentication Remote Code Execution in Marimo Python Notebook
CVE-2026-39987

9.3CRITICAL

Key Information:

Vendor

Marimo-team

Status
Marimo
Vendor
CVE Published:
9 April 2026

What is CVE-2026-39987?

Marimo, a reactive Python notebook, exhibits a significant security vulnerability prior to version 0.23.0. The terminal WebSocket endpoint (/terminal/ws) allows unauthenticated access, enabling attackers to gain a complete pseudo-terminal shell and execute arbitrary commands on the host system. Unlike other WebSocket endpoints that correctly enforce authentication using validate_auth(), this specific endpoint bypasses such checks, offering a straightforward path for exploitation. This serious oversight has been addressed in the recent update, 0.23.0, which reinforces authentication measures.

Affected Version(s)

marimo < 0.23.0

References

https://github.com/marimo-team/marimo/security/advisories...
x_refsource_CONFIRM
https://github.com/marimo-team/marimo/pull/9098
x_refsource_MISC
https://github.com/marimo-team/marimo/commit/c24d4806398f...
x_refsource_MISC

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.