A critical remote code execution vulnerability in Marimo, an open source Python notebook platform used for data science and analysis, was exploited in the wild within hours of public disclosure. Security researchers at Sysdig reported that the first exploitation attempt was observed within 10 hours of the vulnerability becoming publicly known, illustrating how quickly attackers now operationalize newly disclosed flaws. The vulnerability is tracked as CVE-2026-39987 with a CVSS score of 9.3 and affects all versions of Marimo up to and including 0.20.4. The issue has been resolved in version 0.23.0.
The vulnerability stems from a missing authentication check on the terminal WebSocket endpoint /terminal/ws. According to the maintainers, this endpoint never validates the caller, unlike other WebSocket endpoints such as /ws, which call validate_auth() before granting access. /terminal/ws only checks the server's running mode and platform compatibility before accepting the connection, so authentication is never enforced on that path. An unauthenticated attacker who can reach the endpoint therefore obtains a full pseudo-terminal shell and can execute arbitrary operating-system commands on the exposed instance without any credentials.
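To make the control-flow defect concrete, here is an added example that models the two endpoint behaviours side by side. This is illustrative code written for this article, not marimo's own source: the ASGI-style scope dictionary, the `access_token` query parameter, the `SERVER_TOKEN`, `MODE` and `PLATFORM_OK` values and every function name are assumptions. Beyond the per-route fix, it also shows a central gate that authenticates every WebSocket upgrade before routing, which removes the chance of a future endpoint repeating the same mistake.

```python
"""Model of a per-endpoint auth bug and two ways to fix it.
Illustrative code for this article, NOT marimo's implementation.
Assumed: the server issues a random token at startup and expects it as an
`access_token` query parameter on every WebSocket upgrade."""
import hmac
import secrets
from typing import Optional
from urllib.parse import parse_qs

SERVER_TOKEN = secrets.token_urlsafe(32)  # assumed startup secret
MODE = "edit"                             # assumed running mode enabling the terminal
PLATFORM_OK = True                        # assumed platform compatibility result


def validate_auth(scope: dict) -> bool:
    """True only if the upgrade carries the correct token.
    compare_digest on bytes avoids timing leaks and TypeErrors on odd input."""
    params = parse_qs(scope.get("query_string", b"").decode(errors="replace"))
    token = params.get("access_token", [""])[0]
    return hmac.compare_digest(token.encode(), SERVER_TOKEN.encode())


def ws_vulnerable(scope: dict) -> str:
    """Models the flawed /terminal/ws check: only mode and platform are
    consulted, so an anonymous client is accepted and gets a shell."""
    if MODE != "edit" or not PLATFORM_OK:
        return "reject"
    return "accept"


def ws_fixed(scope: dict) -> str:
    """Models the correct /ws pattern: authenticate first, then the rest."""
    if not validate_auth(scope):
        return "reject"
    if MODE != "edit" or not PLATFORM_OK:
        return "reject"
    return "accept"


# Per-route handlers; the vulnerable one is wired in deliberately to show
# that the central gate below protects it anyway.
ROUTES = {"/ws": ws_fixed, "/terminal/ws": ws_vulnerable}


def dispatch(scope: dict) -> str:
    """Central gate: every WebSocket upgrade passes validate_auth before any
    handler runs, closing the bug class rather than one instance of it."""
    if scope.get("type") == "websocket" and not validate_auth(scope):
        return "reject"
    handler = ROUTES.get(scope.get("path"))
    if handler is None:
        return "reject"
    return handler(scope)


def make_scope(path: str, token: Optional[str] = None) -> dict:
    """Build a minimal ASGI-like scope for a WebSocket upgrade request."""
    qs = f"access_token={token}".encode() if token is not None else b""
    return {"type": "websocket", "path": path, "query_string": qs}


if __name__ == "__main__":
    anon = make_scope("/terminal/ws")
    print("vulnerable handler, no token:", ws_vulnerable(anon))
    print("fixed handler, no token:     ", ws_fixed(anon))
    print("central gate, no token:      ", dispatch(anon))
    print("central gate, good token:    ", dispatch(make_scope("/terminal/ws", SERVER_TOKEN)))
```

The per-route fix mirrors what the advisory describes (call the auth check before anything else); the `dispatch` gate is the stronger design, because a route that forgets to call `validate_auth()` is still unreachable without the token.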
Sysdig identified the first exploitation attempt approximately 9 hours and 41 minutes after disclosure. No public proof-of-concept code existed at that time, indicating that the attacker developed the exploit manually from the advisory details. In the observed incident, the attacker connected to a honeypot via the vulnerable /terminal/ws endpoint and immediately began manual reconnaissance: exploring the file system layout and searching for sensitive data sources such as environment configuration files and SSH keys.
Within minutes the attacker attempted to extract information from the .env file and ran broader searches across the system. Roughly an hour later the attacker returned to re-read the .env file and to check whether other actors were interacting with the system during the same period. The session pattern, four separate connections over a 90-minute window with pauses between them, points to a human operator driving the intrusion rather than automated tooling. The attacker deployed no additional payloads such as cryptocurrency miners or persistent backdoors, focusing instead on credential theft and reconnaissance.
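The pattern above, repeated accepted upgrades to /terminal/ws from one external address, is straightforward to hunt for in server logs. The following is an added detection example, not part of Sysdig's report or marimo's tooling: it parses uvicorn-style WebSocket accept lines (the timestamp prefix is assumed to come from the deployment's log formatter), keeps only accepted /terminal/ws upgrades from non-loopback clients, and summarises them per source address. The log lines are constructed for this example and are not the honeypot's real logs.

```python
"""Hunt for unauthenticated terminal sessions in uvicorn-style logs.
Added example for this article; the sample log is constructed and the
timestamp prefix is an assumed formatter addition."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (documentation IP ranges, not real clients).
SAMPLE_LOG = """\
2026-04-02T09:30:00Z INFO:     ('127.0.0.1', 38802) - "WebSocket /terminal/ws" [accepted]
2026-04-02T09:35:10Z INFO:     ('203.0.113.7', 51522) - "WebSocket /ws" [accepted]
2026-04-02T09:41:00Z INFO:     ('198.51.100.23', 40112) - "WebSocket /terminal/ws" [accepted]
2026-04-02T09:47:12Z INFO:     ('198.51.100.23', 40119) - "WebSocket /terminal/ws" [accepted]
2026-04-02T10:45:30Z INFO:     ('198.51.100.23', 40230) - "WebSocket /terminal/ws" [accepted]
2026-04-02T11:10:05Z INFO:     ('198.51.100.23', 40301) - "WebSocket /terminal/ws" [accepted]
2026-04-02T11:12:40Z INFO:     ('203.0.113.7', 51600) - "WebSocket /ws" [accepted]
this line is not a websocket event and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) INFO:\s+"
    r"\('(?P<ip>[^']+)', \d+\) - \"WebSocket (?P<path>\S+)\" \[(?P<status>\w+)\]$"
)
TERMINAL_PATH = "/terminal/ws"


def parse_line(line: str):
    """Return a dict for a WebSocket log line, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "ip": m["ip"],
        "path": m["path"],
        "status": m["status"],
    }


def terminal_accepts(log_text: str):
    """Yield (timestamp, ip) for every accepted /terminal/ws upgrade from a
    non-loopback client. On an unpatched instance the endpoint performs no
    authentication, so each such event is a potential attacker shell."""
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["path"] != TERMINAL_PATH or ev["status"] != "accepted":
            continue
        try:
            if ipaddress.ip_address(ev["ip"]).is_loopback:
                continue  # local use of the terminal is expected
        except ValueError:
            pass  # unparseable address: keep it, a false positive is safer here
        yield ev["ts"], ev["ip"]


def summarize(log_text: str) -> dict:
    """Group terminal sessions by source IP with count, first/last seen and
    span in seconds, so repeated manual re-entry stands out at a glance."""
    by_ip = defaultdict(list)
    for ts, ip in terminal_accepts(log_text):
        by_ip[ip].append(ts)
    summary = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        summary[ip] = {
            "count": len(stamps),
            "first": stamps[0],
            "last": stamps[-1],
            "span_seconds": int((stamps[-1] - stamps[0]).total_seconds()),
        }
    return summary


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(f"ALERT terminal shell via {TERMINAL_PATH}: {ip} "
              f"{s['count']} sessions, {s['first']:%H:%M:%S}-{s['last']:%H:%M:%S} "
              f"({s['span_seconds'] // 60} min)")
```

On a patched instance an accepted /terminal/ws upgrade from an external address still deserves a look, since the terminal is a shell; on an unpatched one it is the intrusion itself, and the .env and SSH-key reads described above are what to look for next on the host.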
The speed of exploitation has raised concern about the shrinking window between vulnerability disclosure and weaponization. The findings indicate that threat actors continuously monitor security advisories and rapidly convert technical details into working exploits, often before organizations have time to patch. The researchers emphasized that this is not limited to widely used platforms: any internet-facing application with a critical, publicly disclosed vulnerability can become a target regardless of its popularity. For defenders, this leaves little response time and sharply increases exposure in the hours immediately following a high-severity disclosure.