CVE-2026-39987
Published: 09 April 2026
Summary
CVE-2026-39987 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Coreweave Marimo. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 0.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-17 (Remote Access).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires identification and restriction of actions permitted without authentication, preventing unauthenticated access to the /terminal/ws endpoint that grants RCE via PTY shell.
Mandates authorization, usage restrictions, and monitoring for remote access mechanisms like the vulnerable WebSocket terminal endpoint, blocking unauthorized remote shell execution.
Enforces approved access control policies requiring authentication for logical access to sensitive resources, such as the unauthenticated /terminal/ws PTY shell.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables unauthenticated RCE via public-facing WebSocket endpoint (T1190), providing direct PTY shell access for Unix shell command execution (T1059.004).
NVD Description
marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other…
more
WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
Deeper analysisAI
CVE-2026-39987 is a pre-authentication remote code execution (RCE) vulnerability in marimo, a reactive Python notebook, affecting versions prior to 0.23.0. The issue stems from the terminal WebSocket endpoint at /terminal/ws, which lacks authentication validation. Unlike other endpoints such as /ws that properly call validate_auth(), this endpoint only verifies the running mode and platform support before accepting connections, enabling unauthenticated access.
An unauthenticated attacker with network access to a vulnerable marimo instance can connect directly to the /terminal/ws endpoint, obtain a full PTY shell, and execute arbitrary system commands on the host system. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-306 (Missing Authentication for Critical Function), allowing high confidentiality, integrity, and availability impacts without user interaction.
Marimo addressed the vulnerability in version 0.23.0, with the fix implemented via GitHub commit c24d4806398f30be6b12acd6c60d1d7c68cfd12a and pull request #9098, as documented in the project's security advisory GHSA-2679-6mx9-h9xc.
The flaw saw rapid real-world exploitation, with exploits developed and demonstrated within under 10 hours of disclosure per a Sysdig analysis, and it is included in the CISA Known Exploited Vulnerabilities Catalog.
Details
- CWE(s)
- KEV Date Added
- 23 April 2026