What is CVE-2026-39987 in Marimo?

Unauthenticated RCE via terminal WebSocket. Skips auth checks, hands attackers a shell.

How quickly was the Marimo flaw exploited?

9 hours, 41 minutes post-disclosure. No PoC; attacker crafted from advisory.

How do I fix the Marimo vulnerability?

Update to 0.23.0 or later. Pip install --upgrade marimo.

Hackers Crack Marimo's Critical Flaw in Under 10 Hours—No PoC Needed

Picture this: a hacker slips into a Python notebook's terminal, grabs credentials, and vanishes—all in minutes, nine hours after the bug drops. Marimo's critical flaw proves open-source speed cuts both ways.

theAIcatchup Apr 10, 2026 3 min read

Hacker terminal exploiting Marimo WebSocket vulnerability with code scrolling

⚡ Key Takeaways

Threat actor exploited Marimo's CVE-2026-39987 in under 10 hours without a public PoC. 𝕏
Attack involved manual recon and credential theft via unauthenticated terminal endpoint. 𝕏
All versions up to 0.20.4 affected; upgrade to 0.23.0+ immediately. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#CVE-2026-39987 #Marimo vulnerability #RCE exploit #Sysdig honeypot #Sysdig report

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by SecurityWeek

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Flowise's Perfect-Score Flaw CVE-2025-59528: Attackers Already Inside

Flowise's RCE Nightmare: 15,000 Exposed Servers in Hackers' Sights

Flowise's Perfect-10 RCE Flaw Goes Live: 15,000 Exposed Servers in the Crosshairs

F5 BIG-IP RCE Bug Sparks Patch Panic

Stay in the loop