Critical Marimo RCE Vulnerability Exploited Within Hours of Disclosure A severe remote code execution (RCE) vulnerability in Marimo, an open-source Python notebook platform, was actively exploited just 9 hours and 41 minutes after its public disclosure on April 8, 2026. Tracked as CVE-2026-39987 (CVSS 9.3), the flaw allows unauthenticated attackers to gain a full interactive shell on exposed instances. The vulnerability affects Marimo versions 0.20.4 and earlier, specifically targeting the /terminal/ws WebSocket endpoint, which lacks proper authentication checks. Unlike other endpoints, this path fails to validate user sessions, enabling attackers to establish a persistent shell with the privileges of the Marimo process without requiring credentials or complex payloads. Security firm Sysdig detected the first exploitation attempts using honeypot servers. The attack began with an automated script to confirm RCE, followed by a human operator manually navigating the victim’s filesystem. Within three minutes, the attacker extracted a .env file containing sensitive cloud credentials, including AWS access keys. Notably, no public proof-of-concept (PoC) exploit existed at the time, suggesting threat actors rapidly weaponized the flaw using details from the advisory potentially leveraging AI to accelerate exploit development. The incident underscores a growing trend of attackers targeting niche software, not just mainstream platforms. Marimo, used by data scientists and AI researchers, has ~20,000 GitHub stars. The patched version (0.23.0) closes the vulnerable endpoint, but organizations are advised to review logs for unauthorized access and rotate exposed credentials.