A critical vulnerability in the Marimo Python notebook platform, tracked as CVE-2026-39987, allowed unauthorized attackers to gain full remote control over servers without credentials. According to the Sysdig Threat Research Team, the flaw was actively exploited in less than ten hours following its public disclosure in April 2026. The vulnerability, which carries a CVSS v4.0 score of 9.3, has since been added to the CISA Known Exploited Vulnerabilities catalog.
How the CVE-2026-39987 exploit works
The security gap originated in the platform’s WebSocket implementation. While most communication channels in Marimo required authentication, the integrated terminal endpoint—located at /terminal/ws—did not. By sending a single WebSocket handshake request to this address, an attacker could bypass authentication entirely. According to Sysdig researchers, this granted the attacker immediate command-line access to the host server. In standard Docker deployments, this provided the attacker with root-level privileges, allowing them to execute arbitrary commands, exfiltrate sensitive environment variables, or access cloud service credentials stored on the machine.
A WebSocket is a persistent, bidirectional communication protocol. Unlike standard HTTP requests that require a new connection for every interaction, WebSockets keep a channel open, enabling real-time updates—a feature common in collaborative coding environments like Marimo.
Speed of exploitation and the rise of automated threats
The time between the public disclosure of the vulnerability and its weaponization was remarkably short. The Sysdig Threat Research Team reported the first exploitation attempts just 9 hours and 41 minutes after the security advisory went live. Within three minutes of a successful connection, attackers were capable of executing full credential-theft operations. This rapid turnaround highlights an increasing trend in which threat actors monitor security repositories to automate the exploitation of newly patched software before administrators can apply updates.
The shift toward blockchain-based backdoors
Investigations into the active campaigns revealed that attackers are using the Marimo flaw to deploy a variant of the NKAbuse backdoor. According to cybersecurity analysts, this malware utilizes blockchain infrastructure for its command-and-control (C2) communications. By anchoring C2 traffic to a blockchain, attackers complicate efforts by network defenders to monitor or block malicious signals, as the traffic does not rely on traditional, easily sinkholed domain names or IP addresses.
How to secure your Marimo environment
Users must upgrade to Marimo version 0.23.0 or later to remediate the vulnerability. This version enforces authentication on the terminal WebSocket, closing the unauthorized access path. Administrators can perform the update by running:
pip install --upgrade "marimo>=0.23.0"
Beyond patching, security best practices dictate that administrators should avoid exposing Marimo edit-mode interfaces to untrusted networks. Furthermore, if a server was running a version prior to 0.23.0 while exposed to the internet, it should be treated as compromised. Operators should audit these machines for signs of unauthorized access or persistent backdoors.
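Two of the checks the advice above calls for can be scripted. The following is an added example, not code from the article or from the Marimo project: it compares an installed version against the 0.23.0 fix, and scans access-log lines from a reverse proxy in front of Marimo (assumed to write the common nginx/Apache "combined" format) for completed WebSocket upgrades (HTTP 101) to the /terminal/ws endpoint. The sample log lines are constructed.

```python
# Added example (not from the article or the Marimo project): defender-side
# checks derived from the advisory details, version and log-audit.
import re
from typing import Dict, List

FIXED_VERSION = (0, 23, 0)         # first release that authenticates /terminal/ws
TERMINAL_WS_PATH = "/terminal/ws"  # unauthenticated endpoint described in the article

# Assumed: a reverse proxy logging in nginx/Apache "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)

def parse_version(v: str) -> tuple:
    """Turn '0.22.1' into (0, 22, 1) for ordering; trailing tags are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", v)[:3])

def is_vulnerable_version(installed: str) -> bool:
    """True if the installed Marimo predates the fix shipped in 0.23.0."""
    return parse_version(installed) < FIXED_VERSION

def find_terminal_ws_handshakes(lines: List[str]) -> List[Dict[str, str]]:
    """Return every completed WebSocket upgrade (status 101) to /terminal/ws.

    On a pre-0.23.0 server each hit is an unauthenticated shell session and
    should be reconciled against the operators who were expected to use it.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if m["path"].split("?")[0] == TERMINAL_WS_PATH and m["status"] == "101":
            hits.append({"ip": m["ip"], "ts": m["ts"]})
    return hits

# Constructed sample log lines (not real traffic); the 403 line models a
# handshake that was rejected and so never became a terminal session.
SAMPLE_LOG = [
    '10.0.0.5 - - [14/Apr/2026:09:12:01 +0000] "GET / HTTP/1.1" 200 512',
    '10.0.0.5 - - [14/Apr/2026:09:12:02 +0000] "GET /static/app.js HTTP/1.1" 200 9031',
    '203.0.113.77 - - [14/Apr/2026:19:53:10 +0000] "GET /terminal/ws HTTP/1.1" 101 0',
    '198.51.100.9 - - [15/Apr/2026:03:00:00 +0000] "GET /terminal/ws HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    print("pre-fix version installed:", is_vulnerable_version("0.22.1"))
    for hit in find_terminal_ws_handshakes(SAMPLE_LOG):
        print("terminal WebSocket session from", hit["ip"], "at", hit["ts"])
```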
Frequently Asked Questions
- What is the primary risk of CVE-2026-39987?
The flaw allows unauthenticated remote attackers to gain full command-line access to a server, potentially exposing cloud credentials, database passwords, and sensitive files.
- How fast did attackers exploit this vulnerability?
According to Sysdig, exploitation began less than 10 hours after the vulnerability was disclosed.
- Is there a patch available?
Yes, version 0.23.0 of Marimo addresses the issue by requiring authentication for the terminal WebSocket.
- What is NKAbuse?
It is a backdoor malware variant that uses blockchain-based infrastructure for its command-and-control operations, making it difficult to trace or block.
