External risk intelligence
Marimo notebooks could allow external attackers to gain full control of servers.
Marimo, a Python notebook platform, could allow external attackers to gain full control of server infrastructure by executing arbitrary system commands, potentially exposing sensitive files and system credentials. Active exploitation has been observed in the wild; immediate updates are required.
CVE-2026-39987
Exposure facts
H – Horizon Alert
Marimo, a platform used for Python notebooks, contains a security vulnerability that may allow unauthorized individuals to gain full access to the system. The issue arises from a communication channel that does not verify user identity, allowing an attacker to execute arbitrary system commands without any authentication. This poses a significant business concern, as it could allow unauthorized parties to take complete control of the underlying server infrastructure.
A – Asset Exposure
This issue affects deployments of the Marimo reactive Python notebook. The vulnerability allows unauthorized users to bypass security checks and obtain full command-line access to the host server. This exposure could jeopardize sensitive files, system credentials, and critical operational systems managed within that environment. These notebooks are frequently used in internal development settings, but any instance deployed with public connectivity may be reachable by external attackers.
L – Live Threat
This vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog, confirming that active exploitation has been observed in the wild. Security analysis further validates that the issue has been successfully leveraged for unauthorized access shortly after its disclosure. Given these indicators, there is a high likelihood of impact for any exposed systems.
O – Operational Fix
To address this vulnerability, apply the latest vendor-provided update to your Marimo instances as soon as possible. Because this issue is known to be exploited in the wild, prioritizing this update is recommended to protect your environment. Coordinate with your technical team to ensure all relevant systems are fully updated and aligned with the official vendor security guidance.
References
- https://github.com/marimo-team/marimo/commit/c24d4806398f30be6b12acd6c60d1d7c68cfd12a
- https://github.com/marimo-team/marimo/pull/9098
- https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-39987
- https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hours