Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands.
[POC] CVE-2026-39987 — CVE-2026-39987
CVE-2026-39987 - Draft
[POC] CVE-2026-39987 — CVE-2026-39987-POC
CVE-2026-39987 Exploitation Tool - Marimo < 0.23.0 Pre-Auth RCE (WebSocket)
[POC] CVE-2026-39987 — CVE-2026-39987-marimo-rce
CVE-2026-39987
[POC] CVE-2026-39987 — CVE-2026-39987
Marimo Pre-Auth RCE
[POC] CVE-2026-39987 — CVE-2026-39987
marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability
[POC] CVE-2026-39987 — CVE-2026-39987
CVE-2026-39987: Marimo Python Notebook Pre-Auth RCE (CVSS 9.3). Python & Nmap NSE detection scripts. Missing authentication on /terminal/ws WebSocket endpoint gives attackers a full PTY shell without any credentials. Exploited in the wild within 10 hours of disclosure. Fixed in Marimo 0.23.0.
[POC] CVE-2026-39987 — marimo_CVE-2026-39987_RCE_PoC
CVE-2026-39987 - Marimo < 0.23.0 Pre-Auth RCE (WebSocket) PoC de explotación - Conecta a /terminal/ws sin autenticación Author: Fevar54 Date: 2026-04-13 Severity: CRITICAL CVSS: 9.3
[POC] CVE-2026-39987 — CVE-2026-39987
CVE-2026-39987
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free