Critical Pre‑Auth RCE in Marimo Notebook (CVE‑2026‑39987) Exploited Within 10 Hours
What It Is – A pre‑authenticated remote code execution flaw (CVE‑2026‑39987) in Marimo, the open‑source Python notebook used for data‑science workflows. The vulnerability scores 9.3 on the CVSS v3.1 scale and allows an attacker who can reach the notebook’s HTTP endpoint to execute arbitrary commands on the host.
Exploitability – Sysdig observed active exploitation within 10 hours of public disclosure. Proof‑of‑concept code is publicly available, and several exploit kits have incorporated the bug.
Affected Products – All Marimo releases before the emergency patch (the advisory does not disclose exact version numbers). The issue affects any environment where Marimo is exposed over a network: on‑premise servers, cloud VMs, or SaaS platforms that embed the notebook.
TPRM Impact –
- Third‑party data‑science platforms that bundle Marimo become a supply‑chain attack surface.
- Compromise of a notebook can lead to lateral movement into adjacent services, exposing proprietary models, datasets, and credentials.
- Organizations that outsource analytics to vendors using Marimo may inherit the risk without direct visibility.
Recommended Actions –
- Patch immediately – Apply the upstream security release (or upgrade to the latest Marimo version) as soon as it is available.
- Restrict network exposure – Place notebooks behind internal firewalls, VPNs, or zero‑trust gateways; block inbound traffic from the internet.
- Enable runtime monitoring – Deploy container‑level security tools (e.g., Sysdig, Falco) to detect anomalous exec calls.
- Audit notebook usage – Identify all internal and third‑party services that run Marimo; inventory versions and apply compensating controls where patching is delayed.
- Review credential storage – Ensure that any secrets used within notebooks are stored in vaults, not hard‑coded.
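An added triage helper (not code from the advisory, Sysdig, or the Marimo project) that applies the inventory and exposure steps above to a constructed host list: the patched version is a placeholder because the advisory gives none, and the host names, version strings and addresses are made up.

```python
"""Triage a Marimo inventory against the CVE-2026-39987 guidance (hypothetical helper)."""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# Placeholder: the advisory does not disclose the fixed release. Replace with the
# upstream security release number once it is published.
PATCHED_VERSION = "9.9.9"


@dataclass
class NotebookHost:
    name: str
    marimo_version: Optional[str]  # None = not confirmed / version unknown
    bind_address: str              # address the notebook HTTP server listens on
    internet_facing: bool          # reachable from outside the network perimeter


def parse_version(v: str) -> tuple:
    """'0.9.12rc1' -> (0, 9, 12): keep the leading digits of each dotted part."""
    parts = []
    for p in v.split("."):
        num = ""
        for ch in p:
            if not ch.isdigit():
                break
            num += ch
        parts.append(int(num) if num else 0)
    return tuple(parts)


def is_vulnerable(version: str, patched: str = PATCHED_VERSION) -> bool:
    return parse_version(version) < parse_version(patched)


def is_network_exposed(bind_address: str) -> bool:
    """Only loopback-bound servers are unreachable from other hosts; 0.0.0.0 counts as exposed."""
    try:
        return not ip_address(bind_address).is_loopback
    except ValueError:  # hostname rather than a literal address
        return bind_address.lower() != "localhost"


def triage(host: NotebookHost) -> tuple:
    """Return (risk, action) following the advisory's patch / restrict-exposure ordering."""
    if host.marimo_version is None:
        return ("unknown", "confirm whether Marimo is present and record its version")
    if not is_vulnerable(host.marimo_version):
        return ("patched", "no action; keep runtime monitoring enabled")
    if host.internet_facing:
        return ("critical", "block inbound traffic now; patch before re-exposing")
    if is_network_exposed(host.bind_address):
        return ("high", "patch immediately; limit access to VPN/zero-trust gateway meanwhile")
    return ("medium", "patch at next window; loopback-only binding limits reach")


INVENTORY = [  # constructed sample data, not real hosts or real Marimo versions
    NotebookHost("ds-prod-01", "0.9.1", "0.0.0.0", True),
    NotebookHost("ds-lab-07", "0.9.1", "10.2.3.4", False),
    NotebookHost("analyst-laptop", "0.9.1", "127.0.0.1", False),
    NotebookHost("ds-prod-02", "9.9.9", "0.0.0.0", True),
    NotebookHost("vendor-platform", None, "0.0.0.0", True),
]


def triage_inventory(inventory) -> dict:
    return {h.name: triage(h) for h in inventory}


if __name__ == "__main__":
    for name, (risk, action) in triage_inventory(INVENTORY).items():
        print(f"{name:16} {risk:9} {action}")
```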
Source: The Hacker News