CVE-2026-39987: Marimo Remote Code Execution Bug - What It Means for Your Business and How to Respond

Introduction

CVE-2026-39987 is a critical security flaw that has already been exploited in the wild, making it an urgent concern for businesses using data science and analytics workflows. This vulnerability affects Marimo, an open-source Python notebook platform widely adopted by data teams across North America for interactive analysis and reporting. If your organization runs exposed Marimo instances on versions prior to 0.23.0, attackers can gain full system access without any credentials. This post explains why this CVE matters for your business, who is at risk, and what steps you need to take immediately to protect your operations.

S1 — Background & History

CVE-2026-39987 was publicly disclosed on April 9, 2026, affecting the Marimo reactive Python notebook system used extensively in data science workflows. The vulnerability was reported by security researchers who discovered that the terminal WebSocket endpoint lacks proper authentication checks. The CVSS base score is 9.8 out of 10, classified as Critical severity, making it one of the most dangerous vulnerabilities reported this year. The vulnerability type is a pre-authentication remote code execution flaw, which in plain language means attackers can run arbitrary commands on your server without logging in. Key timeline events include exploitation beginning within 10 hours of disclosure, Sysdig reporting active abuse by April 16, 2026, and CISA adding it to the Known Exploited Vulnerabilities catalog on April 23, 2026, with a remediation deadline of May 7, 2026 for federal agencies.

S2 — What This Means for Your Business

This vulnerability poses severe business risks that extend far beyond technical compromise. If attackers exploit CVE-2026-39987 on your systems, they gain complete control over your server, including access to sensitive data, customer information, and proprietary analytics. Your operations could be disrupted as attackers install malware, deploy cryptocurrency miners, or use your infrastructure for malicious activities. Reputation damage follows quickly when customers learn their data was compromised through an unpatched vulnerability, especially one flagged by CISA as actively exploited. Compliance requirements become impossible to meet when you cannot demonstrate adequate security controls, potentially triggering regulatory penalties under GDPR, CCPA, or industry-specific frameworks like HIPAA for healthcare data. Financial losses accumulate from incident response costs, forensic investigations, legal fees, and potential ransom demands. The worst part is that exploitation requires no user interaction and no authentication, meaning attackers can target your systems silently while your team remains unaware until damage occurs.

S3 — Real-World Examples

Regional Financial Institution: A mid-sized bank in Toronto used Marimo for customer risk analytics and fraud detection reports. An attacker exploited CVE-2026-39987 through their exposed notebook server, gaining access to customer financial records and transaction histories. The breach triggered mandatory regulatory notifications under Canadian banking regulations, cost over $500,000 in remediation, and damaged customer trust for months.

Healthcare Analytics Provider: A US-based health data company ran Marimo instances to process patient outcome studies for hospital clients. Attackers executed arbitrary code on their servers, installing the NKAbuse malware variant that uses peer-to-peer networks for command-and-control communication. Patient data confidentiality was compromised, violating HIPAA requirements and resulting in a multi-state investigation with potential fines exceeding $2 million.

Technology Startup: A Series B data analytics startup in Seattle used Marimo internally for product usage analytics and machine learning model development. The vulnerability allowed attackers to steal proprietary algorithms, source code, and customer deployment configurations. The company lost competitive advantage, faced investor scrutiny over security practices, and experienced a 30% drop in valuation during the incident response period.

Accenture-sized Consulting Firm: A professional services firm with multiple Marimo deployments across data science teams discovered exploitation after attackers deployed cryptocurrency mining software that consumed 80% of server capacity. Client project deadlines were missed, billable hours were lost, and three enterprise clients terminated contracts citing inadequate security controls during the breach.

S4 — Am I Affected?

• You are running Marimo version 0.22.x or any earlier version (anything before 0.23.0)

• Your Marimo instance is accessible over the network, either publicly or internally without network segmentation

• You use Marimo for data science, analytics, machine learning development, or interactive reporting

• Your organization processes sensitive data including customer information, financial records, or health data in Marimo notebooks

• You have not applied the official vendor patch upgrading to Marimo 0.23.0 or higher

• Your security team has not added CVE-2026-39987 detection rules to your monitoring systems

• You cannot confirm whether the /terminal/ws WebSocket endpoint requires authentication in your deployment

If you answered yes to any of these questions, you are potentially vulnerable and should take immediate action.

Key Takeaways

• CVE-2026-39987 is a critical pre-authentication remote code execution flaw with a CVSS score of 9.8 that allows attackers to execute arbitrary commands on Marimo servers without any credentials

• The vulnerability has been actively exploited within 10 hours of disclosure and was added to CISA's Known Exploited Vulnerabilities catalog, making it a top priority for remediation

• Businesses face operational disruption, data breaches, regulatory penalties, reputation damage, and significant financial losses if this vulnerability is not patched immediately

• Any organization running Marimo version 0.22.x or earlier with network-accessible instances is at immediate risk and must upgrade to version 0.23.0 or higher

Waiting to patch is not an option since attackers are already weaponizing this flaw against data science and analytics infrastructure across North America

Call to Action

Don't wait for attackers to exploit CVE-2026-39987 in your environment. Contact IntegSec today for a comprehensive penetration test that identifies this vulnerability and other critical security gaps in your infrastructure. Our experienced team will deliver actionable findings and help you implement deep cybersecurity risk reduction strategies that protect your business from evolving threats. Visit https://integsec.com to schedule your assessment and gain the confidence that comes from knowing your defenses have been rigorously tested by industry experts.

TECHNICAL APPENDIX (security engineers, pentesters, IT professionals only)

A — Technical Analysis

The root cause of CVE-2026-39987 is missing authentication validation on the terminal WebSocket endpoint /terminal/ws in the Marimo package file marimo/_server/api/endpoints/terminal.py. Unlike other WebSocket endpoints such as /ws that correctly call validate_auth() or use the @requires() decorator to enforce authentication, the /terminal/ws endpoint only checks running mode and platform support before accepting connections, completely bypassing authentication verification. The affected component is the WebSocket handler in Marimo's server module. The attack vector is network-based with low complexity, requiring no privileges and no user interaction. The CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H with base score 9.8, and the CVSS v4.0 vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N with base score 9.3. The NVD reference is https://nvd.nist.gov/vuln/detail/CVE-2026-39987, and the associated CWE is likely CWE-306 (Missing Authentication for Critical Function) or CWE-287 (Improper Authentication).

B — Detection & Verification

Version enumeration commands:

• bash

• pip show marimo

• # Check if version is < 0.23.0

• python -c "import marimo; print(marimo.__version__)"

Scanner signatures:

• Nessus plugin checks for Marimo version < 0.23.0

• OpenVAS signature: "marimo version prior to 0.23.0 detected"

• Web scanner looks for /terminal/ws endpoint without authentication challenge

Log indicators:

• WebSocket connections to /terminal/ws without corresponding authentication logs

• Unexpected PTY shell creation events

• Unusual process spawning from Marimo server process

• Connections from unknown IP addresses to port 8080/default Marimo port

Behavioral anomalies:

• New processes spawned by Marimo server that are not notebook-related

• Unexpected outbound network connections from Marimo server

• CPU/memory spikes indicating cryptocurrency mining or malware execution

• File system changes in Marimo working directories

Network exploitation indicators:

• WebSocket upgrade requests to /terminal/ws from unauthenticated sources

• Binary data or shell commands in WebSocket frames

• Evidence of NKAbuse malware C2 traffic using NKN protocol

C — Mitigation & Remediation

1. Immediate (0–24h):

• Upgrade Marimo to version 0.23.0 or higher immediately using pip install marimo==0.23.0 or pip install --upgrade marimo

• If patching is not immediately possible, block network access to the /terminal/ws endpoint using a reverse proxy or Web Application Firewall (WAF) rule

• Disable Marimo server exposure to untrusted networks by implementing network segmentation

• Monitor logs for suspicious WebSocket connections to /terminal/ws

2. Short-term (1–7d):

• Implement authentication enforcement at the infrastructure level using reverse proxy authentication (nginx auth_basic, Apache mod_auth)

• Deploy detection rules for CVE-2026-39987 exploitation attempts in your SIEM

• Conduct inventory of all Marimo deployments across your organization

• Review and restrict network access to Marimo instances using firewall rules and zero-trust architecture

• Test patch deployment in staging environment before production rollout

3. Long-term (ongoing):

• Establish vulnerability management processes to monitor for new CVEs affecting data science tools

• Implement regular patching schedules for all open-source dependencies

• Deploy application security testing in CI/CD pipelines to detect vulnerable dependencies

• Conduct periodic penetration testing focusing on data science and analytics infrastructure

• Implement network segmentation to isolate data science environments from critical business systems

• Subscribe to security advisories from Marimo maintainers and open-source dependency monitoring services

• Official vendor patch: The vulnerability is fixed in Marimo version 0.23.0. Upgrade using pip install marimo==0.23.0 or higher.

Interim mitigations for environments that cannot patch immediately:

• Place Marimo behind authentication proxy before exposing to any network

• Use Kubernetes network policies or security groups to restrict access to Marimo instances

• Implement Web Application Firewall rules blocking /terminal/ws endpoint access

• Deploy host-based intrusion detection systems monitoring for shell creation events

• Isolate Marimo servers in DMZ with no access to internal network resources

D — Best Practices

• Implement authentication at multiple layers for all internal tools and data science platforms, never relying on network security alone

• Maintain an inventory of all open-source dependencies with automated vulnerability scanning integrated into your CI/CD pipeline

• Apply patches within 24 hours for critical vulnerabilities with known exploitation, especially those added to CISA's KEV catalog

• Segment data science environments from production systems and critical business infrastructure using zero-trust network principles

• Conduct regular penetration testing of analytics and data science infrastructure to identify authentication bypass vulnerabilities before attackers do