marimo is a reactive Python notebook. Before 0.23.0, marimo has a pre-authentication remote code execution (RCE) vulnerability. The terminal WebSocket endpoint `/terminal/ws` performs no authentication check, so an unauthenticated attacker can obtain a full PTY shell and execute arbitrary system commands. Unlike the other WebSocket endpoints (e.g., `/ws`), which correctly call `validate_auth()` before accepting a connection, the `/terminal/ws` endpoint only checks the running mode and platform support before accepting, skipping authentication entirely. This vulnerability is fixed in 0.23.0.
| Vendor | Product | Versions |
|---|---|---|
| coreweave | marimo | pip/marimo: < 0.23.0 |
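The defect the advisory describes is a WebSocket handler that checks mode and platform but never authenticates the caller. The following is an added example, not marimo's code: it places the described vulnerable pattern beside the hardened one (authenticate before `accept()`, as the `/ws` endpoint does) and includes a small regression check that every registered handler rejects an unauthenticated connection. `FakeWebSocket`, `validate_auth`, `platform_supports_pty`, the `x-session-token` header and the session tokens are all constructed assumptions so the snippet runs offline; they do not reproduce marimo's internals.

```python
"""Missing-authentication pattern on a WebSocket endpoint, beside its fix.

Added example; none of these names are marimo's. The handlers, FakeWebSocket,
validate_auth and the session store are assumptions made for a runnable demo.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional
import hmac

# Constructed data: session tokens a real server would keep in its session store.
VALID_SESSION_TOKENS = {"constructed-session-token-1"}

# WebSocket close code 1008 = "policy violation", the conventional code for a
# connection refused by application policy such as failed authentication.
CLOSE_POLICY_VIOLATION = 1008


@dataclass
class FakeWebSocket:
    """Minimal stand-in for a framework WebSocket object (assumption)."""
    headers: Dict[str, str] = field(default_factory=dict)
    accepted: bool = False
    close_code: Optional[int] = None

    def accept(self) -> None:
        self.accepted = True

    def close(self, code: int = CLOSE_POLICY_VIOLATION) -> None:
        self.close_code = code


def validate_auth(ws: FakeWebSocket) -> bool:
    """Authenticate the connection from a session header (assumed header name).

    Uses a constant-time comparison so token checking does not leak timing.
    """
    presented = ws.headers.get("x-session-token", "")
    return any(hmac.compare_digest(presented, t) for t in VALID_SESSION_TOKENS)


def platform_supports_pty() -> bool:
    """Stand-in for the platform-support check the advisory mentions."""
    return True


def terminal_ws_vulnerable(ws: FakeWebSocket, mode: str = "edit") -> bool:
    """Pattern the advisory describes: mode and platform are checked, auth is not."""
    if mode != "edit" or not platform_supports_pty():
        ws.close()
        return False
    ws.accept()  # an unauthenticated client is accepted here
    return True


def terminal_ws_hardened(ws: FakeWebSocket, mode: str = "edit") -> bool:
    """Fixed pattern: authenticate first, before any accept() or resource allocation."""
    if not validate_auth(ws):
        ws.close(CLOSE_POLICY_VIOLATION)
        return False
    if mode != "edit" or not platform_supports_pty():
        ws.close()
        return False
    ws.accept()
    return True


def audit_handlers(handlers: Dict[str, object]) -> Dict[str, bool]:
    """Regression check: True for each handler that refuses an unauthenticated socket.

    Running this over every WebSocket route at test time would have flagged the
    terminal endpoint as the one route that accepts without credentials.
    """
    results: Dict[str, bool] = {}
    for name, handler in handlers.items():
        ws = FakeWebSocket(headers={})  # no credentials at all
        handler(ws)
        results[name] = not ws.accepted
    return results


if __name__ == "__main__":
    report = audit_handlers({"/terminal/ws (before fix)": terminal_ws_vulnerable,
                             "/terminal/ws (after fix)": terminal_ws_hardened})
    for route, rejects_anon in report.items():
        print(f"{route}: {'rejects' if rejects_anon else 'ACCEPTS'} unauthenticated clients")
```

The useful habit here is the ordering: the authentication check runs before `accept()` and before any PTY or process is spawned, so a failed check costs the server nothing and leaves nothing to clean up. The `audit_handlers` loop is the kind of test that catches a single route drifting out of line with the others.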
- Updated description with detailed attack methods and added new IoC and tags related to NKAbuse malware and Hugging Face.
- Updated vendor to CoreWeave, added detailed description of the vulnerability, and confirmed CVSS score as 9.3.
- Updated description with additional context on exploitation and added new affected version 0.23.1 along with observed attack IPs.
- Updated description with additional technical details and added information about affected versions and reconnaissance activity from 125 IP addresses.
- Updated CVSS score to 9.3 and confirmed exploit availability.
- Updated CVSS score to 9.3, added affected versions up to 0.20.4, and included details about exploitation activity and a new CVE ID.
- Updated severity to CRITICAL, marked as actively exploited, and provided a new description with details about CVE-2026-39987.
- Initial creation