CVE-2026-39987 Scanner

The Marimo software is used by various organizations and developers for creating secure and scalable applications. It provides a comprehensive platform for building and deploying web-based solutions, offering flexibility and ease of use. Marimo is typically utilized in environments where quick deployment and efficient management are crucial. Its integration capabilities often make it a popular choice for businesses aiming to optimize their web services. Widely adopted in both small and large scale operations, Marimo supports a range of applications across different sectors. Its design and functionality focus on delivering robust performance with customizable features for developers.

The vulnerability in question allows for Remote Code Execution (RCE) within the Marimo application. An unauthenticated attacker can exploit this flaw by connecting to the exposed terminal WebSocket endpoint. This endpoint lacks proper authentication validation, which makes it susceptible to unauthorized access. Upon exploitation, attackers may execute arbitrary OS commands on the affected server. This high-severity vulnerability compromises the integrity and security of the server environment. The exploitation does not require user interaction, making it particularly dangerous for unattended systems.

The vulnerable endpoint in Marimo is /terminal/ws. This WebSocket endpoint lacks proper authentication checks, allowing unauthenticated access. Attackers can establish a connection using WebSocket protocol to gain a PTY shell. This access enables them to execute system-level commands remotely. During exploitation, various system commands can be dispatched to the server, leading to unauthorized actions. The vulnerability arises due to the absence of robust security mechanisms over this endpoint. Ensuring that proper authentication validation is applied is key to mitigating this issue.

If left unpatched, the RCE vulnerability can lead to severe security breaches. Attackers can gain full control over the affected system and manipulate its operations. Potential impacts include data theft, system interruption, and unauthorized access to sensitive information. The vulnerability enables attackers to run malicious scripts and commands, potentially causing system-wide damages. This compromise could also allow attackers to establish a foothold within a network, leading to further exploitation. Such vulnerabilities, if exploited, can severely damage reputation and result in significant financial and operational losses.

REFERENCES

• https://github.com/advisories/GHSA-2679-6mx9-h9xc
• https://nvd.nist.gov/vuln/detail/CVE-2026-39987
• https://github.com/marimo-team/marimo