Lucene search
+L

44 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-407 Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

Summary Marimo 19.6k stars has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints e.g., /ws that correct...

9.8CVSS7.7AI score0.95645EPSS
Exploits11References10
EUVD
EUVD
added 2026/06/18 12:32 a.m.12 views

EUVD-2026-37809

marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal...

6.1CVSS5.1AI score0.00239EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 12:32 a.m.5 views

GHSA-8M59-7XV8-735H marimo contains a reflected cross-site scripting vulnerability in the notebook page

marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal...

6.1CVSS5.1AI score0.00239EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/17 9:37 p.m.26 views

CVE-2026-54386 marimo < 0.23.9 XSS via file Query Parameter in assets.py

marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal...

6.1CVSS0.00239EPSS
Exploits0References4
CVE
CVE
added 2026/06/17 9:37 p.m.28 views

CVE-2026-54386

CVE-2026-54386 affects marimo prior to 0.23.9. A reflected XSS in the notebook page arises from improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string. An unauthenticated attacker can craft a link with a payload (notably starting with new ) that ...

6.1CVSS5.1AI score0.00239EPSS
Exploits0References4
OSV
OSV
added 2026/06/17 9:37 p.m.3 views

CVE-2026-54386 marimo < 0.23.9 XSS via file Query Parameter in assets.py

marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal...

5.1CVSS5.9AI score0.00239EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50557

Name of the Vulnerable Software and Affected Versions marimo versions prior to 0.23.9 Description A reflected cross-site scripting issue exists in the notebook page. Unauthenticated attackers can inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query...

6.1CVSS5.1AI score0.00239EPSS
Exploits0References14
GithubExploit
GithubExploit
added 2026/06/02 8:37 a.m.99 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 - a full PTY shell Unauthenticated Stored Cross...

9.8CVSS7.5AI score0.95645EPSS
Exploits11
The Hacker News
The Hacker News
added 2026/05/29 2:39 p.m.23 views

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

An unknown threat actor has been observed using a large language model LLM agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker compromised an...

9.8CVSS8.1AI score0.95645EPSS
Exploits11
GithubExploit
GithubExploit
added 2026/05/16 1:10 a.m.92 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 - Marimo Pre-Auth RCE Unauthenticated Remote...

9.8CVSS7.5AI score0.95645EPSS
Exploits11
GithubExploit
GithubExploit
added 2026/05/04 10:54 a.m.136 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 — marimo Pre-Auth Terminal WebSocket RCE Lab...

9.8CVSS7.9AI score0.95645EPSS
Exploits11
GithubExploit
GithubExploit
added 2026/05/04 10:54 a.m.177 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 — marimo Pre-Auth Terminal WebSocket RCE Lab...

9.8CVSS7.9AI score0.95645EPSS
Exploits11
GithubExploit
GithubExploit
added 2026/04/26 5:54 a.m.123 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 Lab Guide Pre-Auth Remote Code Execution v...

9.8CVSS8.4AI score0.95645EPSS
Exploits11
GithubExploit
GithubExploit
added 2026/04/25 4:50 p.m.132 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 — Marimo Pre-Auth RCE For educational and...

9.8CVSS8AI score0.95645EPSS
Exploits11
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.4 views

Python Library marimo < 0.23.0 Pre-Auth RCE (CVE-2026-39987)

The detected version of the marimo Python package is prior to 0.23.0. It is, therefore, affected by a remote code execution vulnerability: - The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute...

9.8CVSS8.2AI score0.95645EPSS
Exploits11References2
RedhatCVE
RedhatCVE
added 2026/04/23 7:58 p.m.7 views

CVE-2026-39987

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.8CVSS7.6AI score0.95645EPSS
Exploits11References1
CISA
CISA
added 2026/04/23 12:0 p.m.12 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-39987link is external Marimo Remote Code Execution Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...

9.8CVSS5.9AI score0.95645EPSS
In wildExploits11References6
CISA KEV Catalog
CISA KEV Catalog
added 2026/04/23 12:0 a.m.13 views

Marimo Remote Code Execution Vulnerability

Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands...

9.8CVSS8.2AI score0.95645EPSS
In wildExploits11
GithubExploit
GithubExploit
added 2026/04/18 7:46 a.m.149 views

Exploit for CVE-2026-39987

CVE-2026-39987 marimo is a reactive Python notebook. Prior to...

9.3CVSS7.7AI score0.95645EPSS
Exploits11
GithubExploit
GithubExploit
added 2026/04/15 8:9 a.m.167 views

Exploit for CVE-2026-39987

CVE-2026-39987 — Marimo Python Notebook Pre-Authenticated Remo...

9.3CVSS6.9AI score0.95645EPSS
Exploits11
Rows per page
Query Builder