CVE-2026-39987: CWE-306: Missing Authentication for Critical Function in marimo-team marimo
CVE-2026-39987 is a critical vulnerability in marimo versions prior to 0. 23. 0 where the /terminal/ws WebSocket endpoint lacks authentication. This allows unauthenticated attackers to obtain a full PTY shell and execute arbitrary system commands remotely. The vulnerability arises because this endpoint does not call the validate_auth() function, unlike other endpoints. The issue is fixed in version 0. 23. 0. The CVSS 4. 0 score is 9.
AI Analysis
Technical Summary
The marimo reactive Python notebook before version 0.23.0 contains a missing authentication vulnerability (CWE-306) in its /terminal/ws WebSocket endpoint. This endpoint accepts connections after only checking running mode and platform support, completely skipping authentication validation. As a result, an unauthenticated attacker can gain a full pseudo-terminal (PTY) shell and execute arbitrary system commands remotely. Other WebSocket endpoints in marimo correctly enforce authentication by calling validate_auth(), but /terminal/ws does not. This vulnerability is addressed in marimo version 0.23.0.
Potential Impact
An unauthenticated attacker can remotely execute arbitrary system commands with the privileges of the marimo process by connecting to the /terminal/ws WebSocket endpoint. This leads to a full remote code execution (RCE) capability without any authentication, posing a critical security risk to affected systems.
Mitigation Recommendations
Upgrade marimo to version 0.23.0 or later, where this vulnerability is fixed by enforcing authentication on the /terminal/ws endpoint. Patch status is confirmed fixed in version 0.23.0. Until upgrading, restrict access to the /terminal/ws endpoint to trusted users or networks as a temporary mitigation.
CVE-2026-39987: CWE-306: Missing Authentication for Critical Function in marimo-team marimo
Description
CVE-2026-39987 is a critical vulnerability in marimo versions prior to 0. 23. 0 where the /terminal/ws WebSocket endpoint lacks authentication. This allows unauthenticated attackers to obtain a full PTY shell and execute arbitrary system commands remotely. The vulnerability arises because this endpoint does not call the validate_auth() function, unlike other endpoints. The issue is fixed in version 0. 23. 0. The CVSS 4. 0 score is 9.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The marimo reactive Python notebook before version 0.23.0 contains a missing authentication vulnerability (CWE-306) in its /terminal/ws WebSocket endpoint. This endpoint accepts connections after only checking running mode and platform support, completely skipping authentication validation. As a result, an unauthenticated attacker can gain a full pseudo-terminal (PTY) shell and execute arbitrary system commands remotely. Other WebSocket endpoints in marimo correctly enforce authentication by calling validate_auth(), but /terminal/ws does not. This vulnerability is addressed in marimo version 0.23.0.
Potential Impact
An unauthenticated attacker can remotely execute arbitrary system commands with the privileges of the marimo process by connecting to the /terminal/ws WebSocket endpoint. This leads to a full remote code execution (RCE) capability without any authentication, posing a critical security risk to affected systems.
Mitigation Recommendations
Upgrade marimo to version 0.23.0 or later, where this vulnerability is fixed by enforcing authentication on the /terminal/ws endpoint. Patch status is confirmed fixed in version 0.23.0. Until upgrading, restrict access to the /terminal/ws endpoint to trusted users or networks as a temporary mitigation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-08T00:01:47.629Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d7e6ff1cc7ad14dafe8dec
Added to database: 4/9/2026, 5:50:55 PM
Last enriched: 4/9/2026, 6:05:46 PM
Last updated: 4/9/2026, 7:05:04 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.