A critical security vulnerability in Marimo, an open-source Python notebook for data science and analytics, was exploited within 10 hours of its publication, according to Sysdig findings.
The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a pre-authenticated remote code execution vulnerability that affects all versions of Marimo prior to 0.20.4. This issue was resolved in version 0.23.0.
“The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands,” Marimo maintainers said in an advisory earlier this week.
“Unlike other WebSocket endpoints (such as /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks execution mode and platform support before accepting a connection, skipping authentication validation entirely.”
This means that an attacker can obtain a fully interactive shell on an exposed Marimo instance through a single WebSocket connection without requiring any credentials.
Sysdig said it observed the first exploitation attempt targeting this vulnerability within 9 hours and 41 minutes of its disclosure, and observed credential theft operations performed within minutes, even though proof-of-concept (PoC) code was not available at the time.
The unknown actor behind this activity is said to have connected to the /terminal/ws WebSocket endpoint on the honeypot system, began manual reconnaissance, explored the file system, and after several minutes systematically attempted to collect data from .env files, search for SSH keys, and read various files.
The attacker returned to the honeypot an hour later and accessed the contents of the .env file to determine whether other threat actors were active during that time. No other payloads such as cryptocurrency miners or backdoors are installed.
“The attackers proceeded to construct a working exploit directly from the advisory description, connect to an unauthenticated device endpoint, and manually explore the compromised environment,” the cloud security firm said. “The attacker connected four times in 90 minutes, with pauses between sessions, consistent with the human operator going through the list of targets and returning to confirm the results.”
The speed at which newly disclosed flaws are weaponized indicates that threat actors are closely monitoring vulnerability disclosures and quickly exploiting them in the period between disclosure and patching. This reduces the time defenders have to respond after a vulnerability is disclosed.
“The assumption that attackers will only target widely deployed platforms is incorrect. Any internet-facing application that has a critical advisory will be targeted, regardless of its popularity.”
Source link
