Description
marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
Published: 2026-04-09
Score: 9.3 Critical
EPSS: 80.7% High
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

Based on the description, the likely attack vector is an unauthenticated connection to marimo’s terminal WebSocket endpoint, which yields a full PTY shell and permits arbitrary system command execution, compromising confidentiality, integrity, and availability of the host. The weakness is a missing authentication check (CWE-306) – this classification is derived from the known CWEs provided in the CVE data.

Affected Systems

marimo versions prior to 0.23.0 are affected; any instance of the marimo-team:marimo product before this release is vulnerable.

Risk and Exploitability

Based on the description, it is inferred that an attacker can exploit this vulnerability over the network by connecting to the open WebSocket endpoint without authentication. The CVSS score of 9.3 indicates critical severity. The EPSS score of 80% indicates a high probability of exploitation. The vulnerability is listed in the CISA KEV catalog. The risk is therefore high due to the critical severity the ease of remote exploitation.

Generated by OpenCVE AI on June 3, 2026 at 14:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade marimo to version 0.23.0 or later
  • If immediate upgrade is not possible, block remote access to the /terminal/ws endpoint using firewall rules or reverse proxy authentication
  • Ensure no other users can access the terminal WebSocket endpoint by reviewing network access controls
  • Monitor logs for failed or unauthorized WebSocket connection attempts to detect potential exploitation attempts

Generated by OpenCVE AI on June 3, 2026 at 14:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-2679-6mx9-h9xc Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
History

Thu, 23 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Coreweave
Coreweave marimo
CPEs cpe:2.3:a:coreweave:marimo:*:*:*:*:*:python:*:*
Vendors & Products Coreweave
Coreweave marimo
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 23 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-04-23T00:00:00+00:00', 'dueDate': '2026-05-07T00:00:00+00:00'}

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Marimo-team
Marimo-team marimo
Vendors & Products Marimo-team
Marimo-team marimo

Thu, 09 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 09 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
Title marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
Weaknesses CWE-306
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Coreweave Marimo
Marimo-team Marimo
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-24T03:55:20.777Z

Reserved: 2026-04-08T00:01:47.629Z

Link: CVE-2026-39987

cve-icon Vulnrichment

Updated: 2026-04-09T17:43:39.571Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-09T18:17:02.807

Modified: 2026-04-23T20:15:29.690

Link: CVE-2026-39987

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T14:45:20Z

Weaknesses