Topic

#websocket-security

3 articles exploring websocket-security. Expert insights and analysis from our editorial team.

Showing 1–3 of 3 articles
Related topics:
marimo rce credential-theft notebook-security ai-toolchain vulnerability-disclosure

Articles

Newest first
Security

CVE-2026-39987's 9-Hour Exploitation Window Exposes the Credential Gap at the Heart of AI Dev Infrastructure

CVE-2026-39987 gave attackers a root shell on Marimo in under 10 hours, targeting LLM API keys and AWS credentials that dev-grade notebook security routinely leaves exposed.
Security

Marimo CVE-2026-39987: Pre-Auth RCE via /terminal/ws in Under 10 Hours

Marimo's /terminal/ws skipped validate_auth() on ≤0.20.4. Sysdig recorded exploitation 9h 41m after disclosure; .env credential theft completed in under three minutes.
Security

Marimo's CVE-2026-39987 Pre-Auth RCE Puts AI Notebooks on the Same CVE Treadmill as Inference Servers

CVE-2026-39987 skipped auth on Marimo's /terminal/ws, handing any caller a root PTY shell (CVSS 9.3) — exploited in the wild just 9h 41m after the advisory.
Browse All Topics