Main Vulnerability Database Exploits ID:12593 - Exploit for Missing Authentication for Critical Function in Marimo - CVE-2026-39987

ID:12593 - Exploit for Missing Authentication for Critical Function in Marimo - CVE-2026-39987

Published: April 17, 2026

Vulnerability identifier: #VU126426

Vulnerability risk: Critical

CVE-ID: CVE-2026-39987

CWE-ID: CWE-306

Exploitation vector: Remote access

Vulnerable software:
Marimo

Link to public exploit:

https://github.com/keraattin/CVE-2026-39987

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary system commands.

The vulnerability exists due to missing authentication for a critical function in the terminal/ws WebSocket endpoint when handling WebSocket connections. A remote attacker can connect to the endpoint to execute arbitrary system commands.

The issue can expose a full interactive shell without authentication.

Remediation

Install security update from vendor's website.

ID:12593 - Exploit for Missing Authentication for Critical Function in Marimo - CVE-2026-39987

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human