CVE-2026-39987

CVE-2026-39987 is a pre-authentication remote code execution (RCE) vulnerability in marimo, a reactive Python notebook, affecting versions prior to 0.23.0. The issue stems from the terminal WebSocket endpoint at /terminal/ws, which lacks authentication validation. Unlike other endpoints such as /ws that properly call validate_auth(), this endpoint only verifies the running mode and platform support before accepting connections, enabling unauthenticated access.

An unauthenticated attacker with network access to a vulnerable marimo instance can connect directly to the /terminal/ws endpoint, obtain a full PTY shell, and execute arbitrary system commands on the host system. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-306 (Missing Authentication for Critical Function), allowing high confidentiality, integrity, and availability impacts without user interaction.

Marimo addressed the vulnerability in version 0.23.0, with the fix implemented via GitHub commit c24d4806398f30be6b12acd6c60d1d7c68cfd12a and pull request #9098, as documented in the project's security advisory GHSA-2679-6mx9-h9xc.

The flaw saw rapid real-world exploitation, with exploits developed and demonstrated within under 10 hours of disclosure per a Sysdig analysis, and it is included in the CISA Known Exploited Vulnerabilities Catalog.