Description
marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
Published: 2026-04-09
Score: 9.3 Critical
EPSS: 58.2% High
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated attacker can connect to marimo’s terminal WebSocket endpoint, gain a full PTY shell, and run arbitrary system commands, compromising confidentiality, integrity, and availability of the host. The weakness is a missing authentication check (CWE‑306) that allows exploitation without valid credentials.

Affected Systems

marimo versions prior to 0.23.0 are affected; any instance of the marimo-team:marimo product before this release is vulnerable.

Risk and Exploitability

The CVSS score of 9.3 indicates critical severity. Because the endpoint accepts connections over an open WebSocket without authentication, a remote attacker can exploit this directly over the network, likely from anywhere that can reach the service. The EPSS score of 58% indicates a high probability of exploitation. The vulnerability is listed in the CISA KEV catalog. The risk is therefore high due to the critical severity and the ease of remote exploitation.

Generated by OpenCVE AI on May 3, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade marimo to version 0.23.0 or later
  • If immediate upgrade is not possible, block remote access to the /terminal/ws endpoint using firewall rules or reverse proxy authentication
  • Ensure no other users can access the terminal WebSocket endpoint by reviewing network access controls
  • Monitor logs for failed or unauthorized WebSocket connection attempts to detect potential exploitation attempts

Generated by OpenCVE AI on May 3, 2026 at 14:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-2679-6mx9-h9xc Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
History

Thu, 23 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Coreweave
Coreweave marimo
CPEs cpe:2.3:a:coreweave:marimo:*:*:*:*:*:python:*:*
Vendors & Products Coreweave
Coreweave marimo
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 23 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-04-23T00:00:00+00:00', 'dueDate': '2026-05-07T00:00:00+00:00'}

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Marimo-team
Marimo-team marimo
Vendors & Products Marimo-team
Marimo-team marimo

Thu, 09 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 09 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
Title marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
Weaknesses CWE-306
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Coreweave Marimo
Marimo-team Marimo
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-24T03:55:20.777Z

Reserved: 2026-04-08T00:01:47.629Z

Link: CVE-2026-39987

cve-icon Vulnrichment

Updated: 2026-04-09T17:43:39.571Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-09T18:17:02.807

Modified: 2026-04-23T20:15:29.690

Link: CVE-2026-39987

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-03T14:45:23Z

Weaknesses