Lucene search
K

41 matches found

GithubExploit
GithubExploit
added 2026/04/13 6:6 p.m.137 views

Exploit for CVE-2026-39987

markdown CVE-2026-39987 - Marimo Este script es SOLO para f...

9.3CVSS5.9AI score0.95645EPSS
Exploits11
Packet Storm News
Packet Storm News
added 2026/04/13 12:0 a.m.5 views

Marimo Vulnerable Version Scanner

Marimo versions prior to 0.23.0 suffer from a remote code execution vulnerability. This tool scans the version to see if your installation is susceptible but does not provide any exploitation functionality...

9.3CVSS6.4AI score0.95645EPSS
Exploits11
The Hacker News
The Hacker News
added 2026/04/10 7:37 a.m.8 views

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 CVSS score: 9.3, a pre-authenticated remote code...

9.8CVSS8.2AI score0.95645EPSS
Exploits11
NVD
NVD
added 2026/04/09 6:17 p.m.7 views

CVE-2026-39987

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.8CVSS0.95645EPSS
Exploits11References5
Cvelist
Cvelist
added 2026/04/09 5:16 p.m.35 views

CVE-2026-39987 marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.3CVSS0.95645EPSS
Exploits11References3
Vulnrichment
Vulnrichment
added 2026/04/09 5:16 p.m.4 views

CVE-2026-39987 marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.3CVSS6.2AI score0.95645EPSS
Exploits11References3
EUVD
EUVD
added 2026/04/09 5:16 p.m.5 views

EUVD-2026-20980

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.3CVSS6.2AI score0.95645EPSS
Exploits11References3
CVE
CVE
added 2026/04/09 5:16 p.m.79 views

CVE-2026-39987

CVE-2026-39987 — Marimo WebSocket terminal endpoint unauthenticated pre-auth RCE. The vulnerability resides in the terminal WebSocket at /terminal/ws, which accepts connections without authenticating, unlike the /ws endpoint that invokes validate_auth(). An unauthenticated client can obtain a ful...

9.8CVSS6.2AI score0.95645EPSS
In wildExploits11References5Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2026/04/09 12:0 a.m.21 views

VulnCheck KEV: CVE-2026-39987

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.8CVSS6.1AI score0.95645EPSS
In wildExploits11References4
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

marimo 访问控制错误漏洞

Marimo is an open-source interactive Python notebook that supports reactive programming and SQL queries. Versions of Marimo prior to 0.23.0 contained a access control vulnerability. This vulnerability stemmed from the lack of authentication for the terminal WebSocket endpoint, allowing...

9.8CVSS7.6AI score0.95645EPSS
Exploits11References4
Github Security Blog
Github Security Blog
added 2026/04/08 9:50 p.m.16 views

Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

Summary Marimo 19.6k stars has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints e.g., /ws that correct...

9.8CVSS6.2AI score0.95645EPSS
Exploits11References8Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/08 9:50 p.m.7 views

click-clack (>=0.1.0 <=0.2.1), dr-widget (>=0.1.2 <=0.1.3) +7 more potentially affected by CVE-2026-39987 via marimo (>=0.10.19 <=0.21.1)

marimo PYPI version =0.10.19, =0.1.0, =0.1.2, =1.2.7, =2025.8.0, =0.1.1.dev1736307293, =0.1.1.dev1742453945 Source cves: CVE-2026-39987 Source advisory: SNYK:PYTHON-MARIMO-15954201...

9.8CVSS7.3AI score0.95645EPSS
Exploits11
OSV
OSV
added 2026/04/08 9:50 p.m.3 views

GHSA-2679-6MX9-H9XC Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

Summary Marimo 19.6k stars has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints e.g., /ws that correct...

9.8CVSS6.1AI score0.95645EPSS
Exploits11References8
Snyk
Snyk
added 2026/04/08 9:50 p.m.3 views

Missing Authentication for Critical Function

Overview marimo is an A library for making reactive notebooks and apps Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the terminal/ws WebSocket endpoint, which lacks authentication validation. An unauthenticated attacker can gain unauthorized...

9.8CVSS7.6AI score0.95645EPSS
Exploits11References2
vulnersOsv
vulnersOsv
added 2026/04/08 9:50 p.m.11 views

click-clack (>=0.1.0 <=0.2.1), dr-widget (>=0.1.2 <=0.1.3) +7 more potentially affected by CVE-2025-39987 +1 more via marimo (>=0.10.19 <=0.21.1)

marimo PYPI version =0.10.19, =0.1.0, =0.1.2, =1.2.7, =2025.8.0, =0.1.1.dev1736307293, =0.1.1.dev1742453945 Source cves: CVE-2025-39987, CVE-2026-39987 Source advisory: OSV:GHSA-2679-6MX9-H9XC...

9.8CVSS7.3AI score0.95645EPSS
Exploits11
Veracode
Veracode
added 2025/11/21 8:9 a.m.23 views

Unauthenticated Network Exposure

marimo is vulnerable to unauthenticated network exposure. The vulnerability is due to the /mpl// endpoint being accessible without authentication, which allows an attacker to reach internal services and arbitrary ports...

7.2AI score
Exploits0
OSV
OSV
added 2025/10/01 9:20 p.m.2 views

GHSA-XJV7-6W92-42R7 marimo vulnerable to proxy abuse of /mpl/{port}/

Summary The /mpl// endpoint, which is accessible without authentication on default Marimo installations allows for external attackers to reach internal services and arbitrary ports. Details From our understanding, this route is used internally to provide access to interactive matplotlib...

6.9CVSS7.5AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/10/01 9:20 p.m.14 views

marimo vulnerable to proxy abuse of /mpl/{port}/

Summary The /mpl// endpoint, which is accessible without authentication on default Marimo installations allows for external attackers to reach internal services and arbitrary ports. Details From our understanding, this route is used internally to provide access to interactive matplotlib...

7.7AI score
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/05/01 6:30 a.m.2 views

Arbitrary Code Execution

Overview marimo is an A library for making reactive notebooks and apps Affected versions of this package are vulnerable to Arbitrary Code Execution due to the dynamic loading of notebooks as modules. An attacker can execute malicious code in notebooks during the loading process, potentially...

9.8CVSS7.6AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/05/01 6:30 a.m.5 views

click-clack (>=0.1.0 <=0.2.1), paos (>=1.2.7 <=1.2.10) +1 more potentially affected by unknown CVE via marimo (>=0.10.19 <=0.11.31)

marimo PYPI version =0.10.19, =0.1.0, =1.2.7, =0.1.1.dev1736307293, =0.1.1.dev1742453945 Source cves: unknown CVE Source advisory: SNYK:PYTHON-MARIMO-12671196...

5.8AI score
Exploits0
Rows per page
Query Builder