Critical Marimo RCE Vulnerability Exploited Within 10 Hours of Disclosure
A critical security flaw in Marimo, an open-source reactive Python notebook platform, was exploited by attackers less than 10 hours after its disclosure, leading to the theft of sensitive cloud credentials. This incident underscores the rapid pace at which threat actors can weaponize newly discovered vulnerabilities.
Vulnerability Details
The vulnerability, identified as CVE-2026-39987 (formerly GHSA-2679-6mx9-h9xc), carries a Critical CVSS v4.0 score of 9.3. It is a pre-authentication Remote Code Execution (RCE) flaw affecting the `/terminal/ws` WebSocket endpoint of the Marimo application. Unlike other WebSocket endpoints that enforce authentication through the `validate_auth()` function, the `/terminal/ws` path lacks this validation.
This oversight allows unauthenticated attackers to establish a WebSocket connection and gain access to a full interactive pseudo-terminal (PTY) shell. Operating with the same privileges as the Marimo process, attackers can execute arbitrary system commands and navigate the host system without the need for complex payloads.
Exploitation Timeline
The vulnerability was publicly disclosed, and within 9 hours and 41 minutes, attackers had successfully exploited it. Notably, no public proof-of-concept (PoC) code was available at the time. The attackers manually developed an exploit based on the technical details provided in the advisory.
Upon gaining access, the attackers executed a validation script before conducting manual reconnaissance. Within three minutes, they located and exfiltrated the `.env` file, which contained critical AWS access keys and application secrets.
Implications and Recommendations
This incident highlights that threat actors actively monitor security advisories to target niche software platforms like Marimo, which has approximately 20,000 GitHub stars. Versions up to and including 0.20.4 are affected by this vulnerability.
To mitigate the risk, security teams should take the following actions:
– Update Marimo Installations: Immediately upgrade to version 0.23.0 or later, which addresses this vulnerability.
– Restrict Network Access: If immediate patching isn’t feasible, limit external network access to the `/terminal/ws` endpoint.
– Audit Environment Variables: Review environment variables and `.env` files on any previously exposed Marimo instances to identify potential compromises.
– Rotate Credentials: Change all potentially compromised AWS credentials, API keys, database passwords, and SSH keys to prevent unauthorized access.
– Implement Authentication Layers: Before exposing notebook platforms to the internet, set up authentication layers or reverse proxies to enhance security.
Indicator of Compromise
The IP address `49.207.56[.]74` has been identified as the source of the exploitation attempts, specifically targeting the WebSocket terminal to steal credentials.
Conclusion
The swift exploitation of the Marimo RCE vulnerability serves as a stark reminder of the importance of prompt vulnerability management and the need for robust security measures to protect sensitive information.
