Overview
CVE-2026-39987 is a critical pre-authentication remote code execution vulnerability in Marimo, a popular open-source reactive Python notebook environment. Added to the CISA Known Exploited Vulnerabilities (KEV) catalog on April 23, 2026, this flaw is confirmed to be actively exploited in the wild.
An unauthenticated attacker with network access to a Marimo server instance can trigger arbitrary command execution on the underlying host — no credentials, no prior access, and no user interaction required. The vulnerability provides direct shell access, granting the attacker the full capabilities of the process running Marimo.
Technical Details
Vulnerability Description
Marimo's server component — which powers its interactive notebook sharing and collaboration features — contains a flaw in its request handling logic that allows unauthenticated code execution. The attack does not require an authenticated session, bypassing any login or API key requirements that may be configured.
An attacker can craft a malicious HTTP request to a Marimo server endpoint that triggers execution of attacker-controlled Python code or system commands in the server's execution context.
Impact
Successful exploitation of CVE-2026-39987 allows the attacker to:
- Execute arbitrary shell commands on the host running Marimo
- Access all files and secrets visible to the Marimo process — including environment variables, API keys, Jupyter/Marimo notebooks, and any mounted volumes
- Pivot to connected infrastructure — cloud provider credentials, database connections, and other services accessible from the server
- Establish persistent access by installing backdoors, modifying notebooks, or altering cron jobs
In cloud or containerized deployments, exploitation can lead to cloud credential theft, container escape attempts, or lateral movement within a VPC or Kubernetes cluster.
Why CISA Added This to KEV
CISA's KEV catalog requires confirmed active exploitation in the wild. The addition of CVE-2026-39987 on April 23, 2026, means threat actors are already using this vulnerability in active campaigns. Under BOD 22-01, U.S. federal agencies are required to remediate KEV entries within mandated timeframes — but all organizations should treat KEV additions as urgent.
Affected Versions
| Software | Affected Versions |
|---|---|
| Marimo | All versions prior to the patched release |
CVSS Context
While a CVSS score was not listed at the time of KEV addition, pre-authentication RCE vulnerabilities of this type typically score in the 9.8–10.0 (Critical) range based on:
| Metric | Expected Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Changed |
| Confidentiality / Integrity / Availability | High / High / High |
Patch & Mitigation
Immediate action is required, given the active exploitation confirmed by CISA.
- Check Marimo's GitHub security advisories for the patched version and apply immediately.
- Take internet-facing Marimo instances offline until patched — this vulnerability requires no authentication, making any publicly reachable instance an immediate target.
- Restrict network access — if Marimo must remain running, firewall it to trusted IP ranges only (VPN, internal network).
- Rotate all secrets accessible from the Marimo server environment — assume compromise if the instance was internet-facing during the active exploitation window.
- Audit server logs for unexpected HTTP requests, unusual process spawning, or outbound connections that may indicate active exploitation.
- Review mounted volumes and environment variables — attackers targeting Marimo servers likely seek cloud credentials, API tokens, and notebook contents.
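The following Python script is an added example of the network-restriction and log-audit steps in the checklist above; it is not Marimo's code and does not come from this advisory. It assumes a reverse proxy in front of Marimo writes Common Log Format access lines and that the operator maintains the trusted CIDR list used for the firewall step. The sample log lines, including their request paths, are constructed for the example and are not taken from Marimo's API or from any real incident.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the VPN and internal ranges the firewall step allows.
TRUSTED_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Common Log Format: host ident authuser [date] "METHOD path proto" status bytes
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (paths are placeholders, not Marimo endpoints).
SAMPLE_LOG = """\
10.0.4.12 - - [23/Apr/2026:09:14:01 +0000] "GET / HTTP/1.1" 200 5123
10.0.4.12 - - [23/Apr/2026:09:14:02 +0000] "GET /static/app.js HTTP/1.1" 200 88120
203.0.113.7 - - [23/Apr/2026:09:20:41 +0000] "POST /api/example HTTP/1.1" 200 312
203.0.113.7 - - [23/Apr/2026:09:20:45 +0000] "POST /api/example HTTP/1.1" 500 0
198.51.100.9 - - [23/Apr/2026:09:31:10 +0000] "GET /admin HTTP/1.1" 404 0
garbage line that does not parse
"""


def parse_line(line):
    """Return the fields of one CLF line, or None if it does not parse."""
    m = CLF_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(ip_text):
    """True if the source address falls inside one of the trusted ranges."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # malformed address: never treat as trusted
    return any(addr in net for net in TRUSTED_RANGES)


def triage(log_text):
    """Collect every request from outside the trusted ranges, annotated with
    why it deserves a closer look, plus a per-source count and the number of
    lines that could not be parsed (those need manual review too)."""
    findings = []
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        if is_trusted(rec["ip"]):
            continue
        reasons = ["source outside trusted ranges"]
        if rec["method"] != "GET":
            reasons.append("non-GET request")  # state-changing traffic from an untrusted source
        if rec["status"] >= 500:
            reasons.append("server error")  # may accompany failed attempts; confirm with app logs
        findings.append({**rec, "reasons": reasons})
    return {
        "findings": findings,
        "by_ip": Counter(f["ip"] for f in findings),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    report = triage(text)
    for f in report["findings"]:
        print(f'{f["ts"]} {f["ip"]} {f["method"]} {f["path"]} {f["status"]} <- {", ".join(f["reasons"])}')
    print("top untrusted sources:", report["by_ip"].most_common(3))
    print("unparsed lines:", report["unparsed"])
```

Run it against the real access log covering the exposure window. Every finding should be cross-checked against process-spawn and outbound-connection records from the same timestamps, as the checklist calls for; a clean report does not prove the absence of compromise, since the log only covers what the proxy recorded.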
Context: Marimo Deployments at Risk
Marimo is increasingly popular in data science, machine learning, and research contexts as an alternative to Jupyter notebooks. Many users share Marimo notebook servers within teams or expose them to the internet for collaboration. Cloud-based deployments (e.g., on AWS EC2, GCP Compute Engine, Azure VMs) running Marimo with public network access are at highest risk.
Research and academic institutions, ML/AI teams, and data engineering organizations should prioritize patching, as Marimo servers often have access to sensitive datasets, cloud credentials, and database connections.
CISA KEV Reference
| Field | Value |
|---|---|
| CVE | CVE-2026-39987 |
| Vendor | Marimo |
| Product | Marimo |
| Date Added to KEV | 2026-04-23 |
| Required Action | Apply mitigations per vendor instructions or discontinue use |
Recommendations
Treat CVE-2026-39987 as a zero-day requiring emergency response. The CISA KEV listing confirms active exploitation — assume that any internet-exposed Marimo server may already be compromised. Apply patches immediately, rotate credentials, and review server access logs for signs of exploitation before bringing patched instances back online.