CVE-2026-39987
Received Received - Intake
Pre-Auth Remote Code Execution in Marimo Terminal WebSocket

Publication date: 2026-04-09

Last updated on: 2026-04-23

Assigner: GitHub, Inc.

Description
marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-04-09
EPSS Evaluated
2026-06-15
NVD
CVE-2026-39987
EUVD
EUVD-2026-20980
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
coreweave marimo to 0.23.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-39987 is a critical Pre-Authentication Remote Code Execution (RCE) vulnerability in the Marimo Python notebook project prior to version 0.23.0.

The vulnerability exists because the terminal WebSocket endpoint (/terminal/ws) does not perform proper authentication validation. Unlike other WebSocket endpoints that call a validate_auth() function to verify authentication tokens, this endpoint only checks the running mode and platform support, completely skipping authentication.

As a result, an unauthenticated attacker can connect to the /terminal/ws endpoint, obtain a full pseudo-terminal (PTY) shell, and execute arbitrary system commands remotely with potentially root privileges.

The issue was fixed in version 0.23.0 by adding an authentication check that validates access tokens before allowing terminal access, closing unauthorized connections immediately.

Impact Analysis

This vulnerability allows an unauthenticated attacker to gain full remote code execution on the affected Marimo server.

Specifically, the attacker can open a WebSocket connection to the /terminal/ws endpoint and obtain a full interactive shell (PTY) on the server.

Commands executed through this shell run with the privileges of the Marimo process, which in default Docker deployments can be root, allowing complete control over the system.

This can lead to unauthorized data access, system compromise, and potentially full takeover of the host running Marimo.

Detection Guidance

This vulnerability can be detected by attempting to connect to the vulnerable WebSocket endpoint `/terminal/ws` without authentication and observing if the connection is accepted and a shell is provided.

A practical detection method is to use a WebSocket client to connect to the endpoint on the target system's port (default 2718) and check if the connection is established without providing any authentication token.

For example, using a Python script with the `websocket` library, you can attempt to connect to `ws://TARGET:2718/terminal/ws` without any access token and try to execute commands. If commands execute successfully, the system is vulnerable.

Alternatively, you can use command-line tools like `websocat` or `wscat` to connect to the WebSocket endpoint and observe if the connection is accepted without authentication.

  • Example command using websocat: `websocat ws://TARGET:2718/terminal/ws`
  • If the connection is accepted and a shell prompt appears or commands can be executed, the vulnerability is present.
Mitigation Strategies

The immediate mitigation step is to upgrade marimo to version 0.23.0 or later, where the vulnerability is fixed by enforcing authentication on the `/terminal/ws` WebSocket endpoint.

The fix involves adding an authentication validation step that calls `validate_auth()` before allowing WebSocket connections to the terminal endpoint. Connections failing authentication are closed with a specific unauthorized code.

If upgrading immediately is not possible, restrict network access to the marimo service, especially blocking access to port 2718 or the `/terminal/ws` endpoint from untrusted networks.

Avoid running marimo with the `--host 0.0.0.0` option on public or shared networks to reduce exposure.

Ensure that terminal functionality is disabled or restricted unless explicitly required.

Compliance Impact

CVE-2026-39987 allows unauthenticated remote code execution via the terminal WebSocket endpoint in Marimo, enabling attackers to gain full root shell access without authentication.

Such unauthorized access to systems can lead to severe data breaches, unauthorized data manipulation, and loss of system integrity, which directly impacts compliance with standards like GDPR and HIPAA that require strict access controls and protection of sensitive data.

Failure to enforce authentication and prevent unauthorized access could result in violations of these regulations, potentially leading to legal penalties, reputational damage, and loss of trust.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39987. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart