A critical pre-authentication remote code execution vulnerability (CVE-2026-39987, CVSS 9.3) in Marimo, an open-source Python notebook platform owned by CoreWeave, was exploited in the wild less than 10 hours after public disclosure. The flaw resides in the terminal WebSocket endpoint (/terminal/ws), which performed no authentication, so anyone who could reach the endpoint could open a full interactive shell on the host. Sysdig researchers deployed honeypots and observed an attacker steal AWS credentials and API tokens in under three minutes, across four sessions. The incident mirrors a broader pattern of rapid exploitation of AI-adjacent developer tools such as Langflow, MLflow, and n8n. Organizations should upgrade to Marimo 0.23.0 immediately, restrict external access to the service, and rotate any credentials stored on instances that were reachable from untrusted networks.
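The two practical questions a responder has after reading the above are "is my install below the fixed release?" and "did anyone outside my network actually open that terminal?". The following added script answers both. It is illustrative code written for this summary, not Marimo's or Sysdig's code, and it makes two assumptions that are labelled in the comments: that Marimo sits behind a reverse proxy writing standard combined-format access logs (so a completed WebSocket upgrade shows up as a `GET /terminal/ws` with status 101), and a hypothetical allow-list of trusted source networks. The log lines are constructed samples, not captured traffic.

```python
import re
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Fixed release named in the advisory summary.
FIXED_VERSION = (0, 23, 0)

# Assumption: a reverse proxy (nginx/Apache "combined" format) fronts Marimo.
# A completed WebSocket handshake is logged as GET <path> with status 101.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Hypothetical allow-list: networks from which terminal use is expected.
TRUSTED_NETS = [ip_network("10.0.0.0/8"), ip_network("127.0.0.0/8")]

# Constructed sample log lines (not real data): one internal terminal session,
# one external session that completed the upgrade, one unrelated external
# request, and one external attempt the proxy rejected.
SAMPLE_LOG = """\
10.0.1.5 - - [14/Apr/2026:09:12:01 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Apr/2026:09:40:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "python-websockets/12.0"
203.0.113.7 - - [14/Apr/2026:09:40:13 +0000] "GET /terminal/ws HTTP/1.1" 101 0 "-" "python-websockets/12.0"
198.51.100.9 - - [14/Apr/2026:10:02:44 +0000] "GET /terminal/ws HTTP/1.1" 403 0 "-" "curl/8.4.0"
"""


class Hit(NamedTuple):
    src: str
    ts: str
    ua: str


def parse_version(version):
    """Numeric prefix of a version string as a tuple: '0.22.5' -> (0, 22, 5).
    A non-numeric suffix (e.g. a pre-release tag) is dropped."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def needs_upgrade(installed):
    """True when the installed Marimo version is below the fixed release."""
    return parse_version(installed) < FIXED_VERSION


def is_trusted(src):
    """True when src parses as an IP inside one of the trusted networks."""
    try:
        addr = ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def find_terminal_ws_hits(lines):
    """Completed (HTTP 101) WebSocket upgrades of /terminal/ws from outside
    the trusted networks. Each hit is a session that may have been an
    unauthenticated shell, so credentials on that host should be rotated."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue
        if m["path"].split("?", 1)[0] != "/terminal/ws":
            continue
        if int(m["status"]) != 101 or is_trusted(m["src"]):
            continue
        hits.append(Hit(m["src"], m["ts"], m["ua"]))
    return hits


def scan_sample():
    """Run the detection over the constructed sample log."""
    return find_terminal_ws_hits(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    print("upgrade needed for 0.22.5:", needs_upgrade("0.22.5"))
    for hit in scan_sample():
        print(f"external /terminal/ws session from {hit.src} at {hit.ts} ({hit.ua})")
```

Only status 101 counts: a 403 from the proxy or a plain HTTP request to the path is not evidence of a shell. If Marimo was exposed directly rather than behind a proxy, there is no equivalent access log to scan, and the credential rotation should be done unconditionally.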