Description
marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal. Attackers can craft a malicious link with a payload beginning with __new__ to bypass the 404 check and inject JavaScript into the page, which executes without Content-Security-Policy restrictions in the origin of a victim's marimo server.
Published: 2026-06-17
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a reflected cross-site scripting flaw in the notebook page's handling of the "file" query parameter (assets.py). The parameter value is reflected into a single-quoted JavaScript string literal inside an inline script, but single quotes are not escaped, so a value containing a quote terminates the literal and everything after it is parsed as JavaScript. A file name that does not exist on the server would normally produce a 404 before the page is rendered, but a value that begins with __new__ skips that check, so the payload is reflected regardless. The injected code runs in the origin of the victim's marimo server, and because the server sends no Content-Security-Policy header the inline script executes unhindered, exposing the user to session hijacking, credential theft, and other client-side attacks carried out with the victim's access to that server.

Affected Systems

Versions of the marimo application before 0.23.9 are affected. The vulnerability is present in the marimo-team marimo product; any deployment running one of these older releases that a victim can reach from a browser is potentially exposed.

Risk and Exploitability

The CVSS 4.0 score of 5.1 (CVSS 3.1: 6.1) places this issue in the medium band. The EPSS score of less than 1% indicates a very low likelihood of exploitation at this time, and the vulnerability is not listed in the CISA KEV catalog. No authentication is needed to craft the malicious URL, but user interaction is required: the victim must open a link pointing at a marimo server they can reach (a locally running instance included), after which the script executes in that server's origin.

Generated by OpenCVE AI on June 18, 2026 at 20:27 UTC.

Remediation

No separate workaround is listed by the vendor; the description indicates the flaw is fixed in 0.23.9, so the fix is to upgrade (see the Recommended Actions below).

OpenCVE Recommended Actions

  • Upgrade marimo to version 0.23.9 or newer to remove the reflected XSS flaw.
  • Where a reverse proxy fronts marimo, serve a Content-Security-Policy whose script-src omits 'unsafe-inline' (using nonces or hashes for the page's own inline scripts); such a policy would have blocked this payload. The vulnerable page relies on an inline script, so verify that a strict policy does not break the notebook UI before enforcing it.
  • Never splice request data into a JavaScript string literal with ad-hoc quote replacement. Serialize it with a JSON encoder that also escapes <, > and &, or pass it through an HTML attribute (attribute-escaped) that a static script reads, so the escaping matches the context the value lands in.
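The bug shape described in the Impact section and the context-aware escaping recommended above, as an added worked example in Python (not marimo's code): a hypothetical render function that splices the file parameter into a single-quoted inline-script string, beside two hardened versions, plus a small oracle that checks whether the emitted script still contains exactly one string-literal assignment. The template, the global name __MARIMO_FILE__, the helper names, the sample notebook list and the payloads are all assumptions; only the shape of the bug (a quote-sensitive literal and a 404 check skipped for names beginning with __new__) follows the advisory.

```python
"""Reflected XSS via a query parameter spliced into an inline <script> string
literal: the vulnerable pattern next to hardened alternatives.

Added illustration, not marimo's own code.  The template, the global name
__MARIMO_FILE__, the helper names, the notebook list and the payloads are
hypothetical; only the bug shape follows the advisory.
"""
import json
import re
from html import escape
from urllib.parse import parse_qs, urlencode, urlsplit

EXISTING_NOTEBOOKS = {"notebook.py", "analysis.py"}   # constructed sample

# Constructed payloads: the first ends the single-quoted literal, the second
# closes the <script> element.  Both start with __new__ to pass the 404 check.
PAYLOAD_QUOTE = "__new__';alert(document.cookie);//"
PAYLOAD_TAG = "__new__</script><script>alert(1)</script>"


def passes_404_check(name: str, existing: set[str]) -> bool:
    """Hypothetical stand-in for the 404 check: names starting with __new__
    are treated as 'create a new notebook' and rendered without a lookup."""
    return name.startswith("__new__") or name in existing


def file_param(url: str) -> str:
    """Pull the `file` query parameter out of a request URL ('' if absent)."""
    return parse_qs(urlsplit(url).query).get("file", [""])[0]


def url_for(name: str) -> str:
    """Build /?file=<name> with proper URL encoding."""
    return "/?" + urlencode({"file": name})


def render_vulnerable(url: str, existing: set[str] = EXISTING_NOTEBOOKS) -> str:
    """Bug shape: escape backslashes and double quotes only, then emit the
    value inside a *single*-quoted JS literal.  A lone ' ends the literal."""
    name = file_param(url)
    if not passes_404_check(name, existing):
        return "<h1>404 Not Found</h1>"
    escaped = name.replace("\\", "\\\\").replace('"', '\\"')
    return f"<script>window.__MARIMO_FILE__ = '{escaped}';</script>"


def js_string_literal(value: str) -> str:
    """Serialize a str as a JS string literal that is safe inside an inline
    <script>: json.dumps handles quotes, backslashes and control characters;
    the extra replacements stop </script>, HTML comment openers and the JS
    line terminators U+2028/U+2029 from breaking out of the script."""
    lit = json.dumps(value)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026"),
                    ("\u2028", "\\u2028"), ("\u2029", "\\u2029")):
        lit = lit.replace(ch, esc)
    return lit


def js_literal_round_trips(value: str) -> bool:
    """The escaped literal still decodes to the original value (JS and JSON
    share these escape forms), so the fix loses no information."""
    return json.loads(js_string_literal(value)) == value


def render_fixed(url: str, existing: set[str] = EXISTING_NOTEBOOKS) -> str:
    """Hardened: same 404 logic, but the value reaches the script only as a
    JSON-derived literal, so no byte in it can end the string or the tag."""
    name = file_param(url)
    if not passes_404_check(name, existing):
        return "<h1>404 Not Found</h1>"
    return f"<script>window.__MARIMO_FILE__ = {js_string_literal(name)};</script>"


def render_data_attribute(url: str, existing: set[str] = EXISTING_NOTEBOOKS) -> str:
    """Alternative that avoids inline-script interpolation entirely: put the
    value in an attribute (attribute-escaped) and let a static script read
    element.dataset.file.  This also coexists with a CSP that bans inline
    scripts, which the inline-literal approach does not."""
    name = file_param(url)
    if not passes_404_check(name, existing):
        return "<h1>404 Not Found</h1>"
    return f'<div id="marimo-root" data-file="{escape(name, quote=True)}"></div>'


# Exactly one string-literal assignment and nothing else in the script body.
_ONE_LITERAL = re.compile(
    r"^<script>window\.__MARIMO_FILE__ = "
    r"(?:'(?:[^'\\]|\\.)*'|\"(?:[^\"\\]|\\.)*\");</script>$")


def script_body_is_one_literal(html: str) -> bool:
    """Oracle: the script must parse as a single literal assignment and must
    not contain a raw '</script' before the real closing tag."""
    return bool(_ONE_LITERAL.match(html)) and "</script" not in html[:-9].lower()
```

The oracle is deliberately narrow: it only recognises the one template used here, which is enough to show that the vulnerable renderer lets both payloads escape the literal while the fixed renderer keeps them as inert data (the payload text is still present in the page, but only inside the string).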


Advisories
Source: GitHub GHSA
ID: GHSA-8m59-7xv8-735h
Title: marimo contains a reflected cross-site scripting vulnerability in the notebook page
History

Thu, 18 Jun 2026 21:15:00 +0000

Values added:
  • First Time appeared: Marimo-team; Marimo-team marimo
  • Vendors & Products: Marimo-team; Marimo-team marimo

Thu, 18 Jun 2026 16:45:00 +0000

Values added:
  • Metrics ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 04:45:00 +0000

Values added:
  • Description: as quoted under Description at the top of this page
  • Title: marimo < 0.23.9 XSS via file Query Parameter in assets.py
  • Weaknesses: CWE-79
  • References
  • Metrics cvssV3_1: {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}
  • Metrics cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-18T13:54:06.426Z

Reserved: 2026-06-12T20:20:02.950Z

Link: CVE-2026-54386

Vulnrichment

Updated: 2026-06-18T13:48:25.379Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T21:00:13Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')