Topic

#pre-auth-rce

2 articles exploring pre-auth-rce. Expert insights and analysis from our editorial team.

Showing 1–2 of 2 articles
Related topics:
marimo websocket-security ai-notebooks credential-theft exploit-timeline ai-dev-tools

Articles

Newest first
Security

Marimo CVE-2026-39987: Pre-Auth RCE via /terminal/ws in Under 10 Hours

Marimo's /terminal/ws skipped validate_auth() on ≤0.20.4. Sysdig recorded exploitation 9h 41m after disclosure; .env credential theft completed in under three minutes.
Security

Marimo's CVE-2026-39987 Pre-Auth RCE Puts AI Notebooks on the Same CVE Treadmill as Inference Servers

CVE-2026-39987 skipped auth on Marimo's /terminal/ws, handing any caller a root PTY shell (CVSS 9.3) — exploited in the wild just 9h 41m after the advisory.
Browse All Topics