CVE-2026-39987
Pre-Auth Remote Code Execution in Marimo Terminal WebSocket
Publication date: 2026-04-09
Last updated on: 2026-04-23
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| coreweave | marimo | to 0.23.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-39987 allows unauthenticated remote code execution via the terminal WebSocket endpoint in Marimo, enabling attackers to gain full root shell access without authentication.
Such unauthorized access to systems can lead to severe data breaches, unauthorized data manipulation, and loss of system integrity, which directly impacts compliance with standards like GDPR and HIPAA that require strict access controls and protection of sensitive data.
Failure to enforce authentication and prevent unauthorized access could result in violations of these regulations, potentially leading to legal penalties, reputational damage, and loss of trust.
Can you explain this vulnerability to me?
CVE-2026-39987 is a critical Pre-Authentication Remote Code Execution (RCE) vulnerability in the Marimo Python notebook project prior to version 0.23.0.
The vulnerability exists because the terminal WebSocket endpoint (/terminal/ws) does not perform proper authentication validation. Unlike other WebSocket endpoints that call a validate_auth() function to verify authentication tokens, this endpoint only checks the running mode and platform support, completely skipping authentication.
As a result, an unauthenticated attacker can connect to the /terminal/ws endpoint, obtain a full pseudo-terminal (PTY) shell, and execute arbitrary system commands remotely with potentially root privileges.
The issue was fixed in version 0.23.0 by adding an authentication check that validates access tokens before allowing terminal access, closing unauthorized connections immediately.
How can this vulnerability impact me? :
This vulnerability allows an unauthenticated attacker to gain full remote code execution on the affected Marimo server.
Specifically, the attacker can open a WebSocket connection to the /terminal/ws endpoint and obtain a full interactive shell (PTY) on the server.
Commands executed through this shell run with the privileges of the Marimo process, which in default Docker deployments can be root, allowing complete control over the system.
This can lead to unauthorized data access, system compromise, and potentially full takeover of the host running Marimo.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to connect to the vulnerable WebSocket endpoint `/terminal/ws` without authentication and observing if the connection is accepted and a shell is provided.
A practical detection method is to use a WebSocket client to connect to the endpoint on the target system's port (default 2718) and check if the connection is established without providing any authentication token.
For example, using a Python script with the `websocket` library, you can attempt to connect to `ws://TARGET:2718/terminal/ws` without any access token and try to execute commands. If commands execute successfully, the system is vulnerable.
Alternatively, you can use command-line tools like `websocat` or `wscat` to connect to the WebSocket endpoint and observe if the connection is accepted without authentication.
- Example command using websocat: `websocat ws://TARGET:2718/terminal/ws`
- If the connection is accepted and a shell prompt appears or commands can be executed, the vulnerability is present.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade marimo to version 0.23.0 or later, where the vulnerability is fixed by enforcing authentication on the `/terminal/ws` WebSocket endpoint.
The fix involves adding an authentication validation step that calls `validate_auth()` before allowing WebSocket connections to the terminal endpoint. Connections failing authentication are closed with a specific unauthorized code.
If upgrading immediately is not possible, restrict network access to the marimo service, especially blocking access to port 2718 or the `/terminal/ws` endpoint from untrusted networks.
Avoid running marimo with the `--host 0.0.0.0` option on public or shared networks to reduce exposure.
Ensure that terminal functionality is disabled or restricted unless explicitly required.