CVE-2026-39987
Published: 09 April 2026
Summary
CVE-2026-39987 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Coreweave Marimo. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 0.1% of CVEs by exploit likelihood (EPSS), CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Deeper analysis
marimo is a reactive Python notebook that prior to version 0.23.0 exposed a pre-authentication remote code execution vulnerability in its terminal WebSocket endpoint. The /terminal/ws handler performed only a running-mode and platform-support check before accepting connections, completely bypassing the validate_auth() call used by other endpoints such as /ws. This omission is tracked as CWE-306 and carries a CVSS 4.0 score of 9.3.
An unauthenticated network attacker can therefore open a WebSocket to /terminal/ws and receive a fully functional PTY shell, enabling arbitrary operating-system command execution on the host running the notebook server. No user interaction or credentials are required; the only preconditions are the handler's own running-mode and platform-support checks, so any deployment running in a mode that enables the terminal endpoint on a supported platform is exposed.
The official fix is included in release 0.23.0, with the correcting change committed in c24d480 and documented in security advisory GHSA-2679-6mx9-h9xc. The project’s pull request 9098 and associated commit provide the precise diff that adds the missing authentication check to the terminal handler.
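To make the gap concrete, the following Python sketch (an added illustration, not marimo's code) models the pre-0.23.0 terminal handler beside a version that authenticates first, and adds a negative test that walks every WebSocket route and flags any that accept an anonymous upgrade. Only the endpoint names and the validate_auth() name come from the advisory; the token-in-query-string form of the check, the "edit" running-mode name, the request model and the sample token are simplified assumptions.

```python
"""Model of the CVE-2026-39987 authentication gap: the pre-0.23.0 /terminal/ws
handler beside one that authenticates first, plus a route-wide negative test.

Added illustration; not marimo's code. Endpoint names and validate_auth() come
from the advisory; the token-in-query-string check, the "edit" mode name and
the request model are simplified assumptions.
"""
import hmac
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Constructed per-server secret; a real server generates one at startup.
SERVER_TOKEN = "s3cr3t-session-token"


@dataclass(frozen=True)
class WSRequest:
    """Minimal stand-in for a WebSocket upgrade request (request target only)."""
    target: str  # e.g. "/terminal/ws?access_token=..."

    @property
    def path(self) -> str:
        return urlsplit(self.target).path

    def query_param(self, name: str):
        return parse_qs(urlsplit(self.target).query).get(name, [None])[0]


def validate_auth(req: WSRequest, server_token: str = SERVER_TOKEN) -> bool:
    """Assumed shape of the shared check: the upgrade must carry the server token.

    Constant-time comparison avoids leaking the token byte by byte.
    """
    presented = req.query_param("access_token")
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode(), server_token.encode())


def notebook_ws(req: WSRequest, mode: str = "edit", platform: str = "linux") -> str:
    """The /ws pattern the advisory contrasts against: validate_auth() first."""
    if not validate_auth(req):
        return "reject: unauthenticated"
    return "accept: kernel session"


def terminal_ws_vulnerable(req: WSRequest, mode: str = "edit", platform: str = "linux") -> str:
    """Pre-0.23.0 logic as the advisory describes it: mode and platform checks only."""
    if mode != "edit":  # running-mode check; the mode name is an assumption
        return "reject: terminal disabled in this mode"
    if platform.startswith("win"):  # platform-support check; a PTY needs a Unix host
        return "reject: platform unsupported"
    return "accept: PTY shell"  # validate_auth() never ran: anonymous shell


def terminal_ws_fixed(req: WSRequest, mode: str = "edit", platform: str = "linux") -> str:
    """Same handler with the missing check added before any other work."""
    if not validate_auth(req):
        return "reject: unauthenticated"
    return terminal_ws_vulnerable(req, mode, platform)


# Route tables for a regression guard; handlers are ordinary callables here.
VULNERABLE_ROUTES = {"/ws": notebook_ws, "/terminal/ws": terminal_ws_vulnerable}
FIXED_ROUTES = {"/ws": notebook_ws, "/terminal/ws": terminal_ws_fixed}


def find_unauthenticated_endpoints(routes, mode: str = "edit", platform: str = "linux") -> list:
    """Negative test: every WebSocket route must reject an upgrade with no token.

    Running this over the whole route table catches the class of bug (one
    handler forgetting the shared check) rather than a single known endpoint.
    """
    return [
        path
        for path, handler in routes.items()
        if handler(WSRequest(path), mode, platform).startswith("accept")
    ]


if __name__ == "__main__":
    anon = WSRequest("/terminal/ws")
    authed = WSRequest(f"/terminal/ws?access_token={SERVER_TOKEN}")
    print("vulnerable, anonymous:", terminal_ws_vulnerable(anon))
    print("fixed, anonymous:     ", terminal_ws_fixed(anon))
    print("fixed, with token:    ", terminal_ws_fixed(authed))
    print("leaky routes before:  ", find_unauthenticated_endpoints(VULNERABLE_ROUTES))
    print("leaky routes after:   ", find_unauthenticated_endpoints(FIXED_ROUTES))
```

The route-wide negative test is the part worth carrying into a real code base: a single assertion that no registered WebSocket handler accepts an anonymous upgrade would have failed on the pre-0.23.0 terminal handler without anyone having to know in advance which endpoint was missing the check.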
The vulnerability appears on CISA's Known Exploited Vulnerabilities catalog, and public reporting indicates that working exploits were observed in the wild less than ten hours after disclosure. The associated EPSS score peaked at 0.8426 and remains above 0.80, a sustained high predicted probability of exploitation well after the initial announcement.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-20980
Vulnerability details
marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
- CWE(s): CWE-306 Missing Authentication for Critical Function
- KEV Date Added: 23 April 2026
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
- T1059.004 Command and Scripting Interpreter: Unix Shell
Why these techniques?
The CVE enables unauthenticated RCE through a public-facing WebSocket endpoint (T1190), and the resulting PTY shell gives the attacker direct Unix shell command execution (T1059.004).
Mitigating Controls (NIST 800-53 r5)
- AC-3 Access Enforcement: requires the /terminal/ws endpoint to enforce the same validate_auth() check as the other endpoints before granting a PTY shell, blocking the unauthenticated RCE path described in the CVE.
- IA-2 Identification and Authentication (Organizational Users): requires users to be identified and authenticated before they are allowed access to system resources, exactly the check omitted from the terminal WebSocket handler.
- AC-17 Remote Access: mandates authorization and security controls for all remote access connections, covering the unauthenticated WebSocket that exposed the PTY shell.