# marimo
5 articles exploring marimo. Expert insights and analysis from our editorial team.
## Articles

- **Marimo CVE-2026-39987 Exposed Unauthenticated Root Shells Within Hours of Disclosure**
  Marimo's /terminal/ws endpoint granted unauthenticated attackers a full PTY shell. CVE-2026-39987 was actively exploited within 9 hours and 41 minutes of disclosure.
- **CVE-2026-39987's 9-Hour Exploitation Window Exposes the Credential Gap at the Heart of AI Dev Infrastructure**
  CVE-2026-39987 gave attackers a root shell on Marimo in under 10 hours, targeting LLM API keys and AWS credentials that dev-grade notebook security routinely leaves exposed.
- **Marimo CVE-2026-39987: Pre-Auth RCE via /terminal/ws in Under 10 Hours**
  Marimo's /terminal/ws skipped validate_auth() on versions ≤0.20.4. Sysdig recorded exploitation 9h 41m after disclosure; .env credential theft completed in under three minutes.
- **Marimo's CVE-2026-39987 Pre-Auth RCE Puts AI Notebooks on the Same CVE Treadmill as Inference Servers**
  CVE-2026-39987 skipped auth on Marimo's /terminal/ws, handing any caller a root PTY shell (CVSS 9.3), and was exploited in the wild just 9h 41m after the advisory.
- **Marimo's CVE-2026-39987 Went From Disclosure to Exploitation in 9 Hours 41 Minutes, and Staged NKAbuse Payloads on Hugging Face**
  Marimo CVE-2026-39987 was exploited 9h 41m after disclosure, with 662 events and an NKAbuse backdoor staged on Hugging Face. Same-day patching is the new minimum for AI tooling.