
CVE-2026-39987 — Marimo pre-auth RCE

marimo before 0.23.0 exposes a pre-auth remote code execution path on /terminal/ws. The endpoint accepted WebSocket connections without validating authentication, allowing an unauthenticated attacker to obtain a PTY shell and run arbitrary commands.

NVD shows this CVE was added to CISA’s KEV catalog on 2026-04-23, which means there is evidence of active exploitation and remediation should be expedited.

Affected versions

  • Vulnerable: marimo < 0.23.0
  • Fixed: marimo >= 0.23.0

Indicators of exposure

  • marimo is installed at a vulnerable version.
  • The service is reachable from untrusted networks.
  • Notebook or terminal functionality is exposed to shared users / internet.

Quick checks:

python -m pip show marimo
python - <<'PY'
import marimo
print(marimo.__version__)
PY
ss -lntp | rg ':2718|:8080|:80|:443'
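As an added example (not code from the advisory or the marimo project), a stdlib-only Python check that automates the quick checks above and steps 1–2 of the prompt below: it reads the marimo pin from a requirements.txt or from a poetry.lock/uv.lock `[[package]]` entry and compares it against the fixed release 0.23.0. The sample manifest contents are constructed, and treating pre-releases such as 0.23.0rc1 as still vulnerable is this example's conservative choice, not something the advisory states.

```python
"""Check a manifest and lockfile for a marimo pin below the fixed release 0.23.0."""
import re
from typing import Optional, Tuple

FIXED = (0, 23, 0, 1)  # first fixed release; trailing 1 marks a final (non-pre) release

# Constructed sample inputs (not from a real project): requirements.txt text and a poetry.lock/uv.lock-style table.
SAMPLE_REQUIREMENTS = "fastapi==0.110.0\nmarimo[recommended]==0.22.1 ; python_version >= '3.9'\n"
SAMPLE_LOCK = '[[package]]\nname = "fastapi"\nversion = "0.110.0"\n\n[[package]]\nname = "marimo"\nversion = "0.22.1"\n'

def parse_version(text: str) -> Tuple[int, int, int, int]:
    """'0.22.1' / '0.23.0rc1' -> (major, minor, patch, is_final); pre-releases get 0 so they sort below the fix."""
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")][:3]
    nums += [0] * (3 - len(nums))
    is_pre = re.match(r"^[.\-_]?(a|b|c|rc|alpha|beta|pre|preview|dev)", text[m.end():], re.I) is not None
    return (nums[0], nums[1], nums[2], 0 if is_pre else 1)

def is_vulnerable(version: str) -> bool:
    """True when the version is below the first fixed release, 0.23.0."""
    return parse_version(version) < FIXED

def version_from_requirements(text: str) -> Optional[str]:
    """Return the '=='-pinned marimo version from requirements.txt-style text, else None."""
    for line in text.splitlines():
        m = re.match(r"^\s*marimo(?:\[[^\]]*\])?\s*==\s*([0-9A-Za-z.+\-]+)", line, re.I)
        if m:
            return m.group(1)
    return None

def version_from_lock(text: str) -> Optional[str]:
    """Return marimo's version from a poetry.lock / uv.lock [[package]] entry, else None."""
    # Assumes the version line directly follows the name line, as both lock formats write it.
    m = re.search(r'\[\[package\]\]\s*name\s*=\s*"marimo"\s*version\s*=\s*"([^"]+)"', text, re.I)
    return m.group(1) if m else None

def assess(requirements: str, lock: str) -> dict:
    """Decide the remediation action; the lockfile is authoritative when both are present."""
    found = version_from_lock(lock) or version_from_requirements(requirements)
    if found is None:
        return {"version": None, "vulnerable": False, "action": "marimo not pinned here; check the runtime image"}
    vulnerable = is_vulnerable(found)
    action = "upgrade to marimo>=0.23.0" if vulnerable else "no change needed"
    return {"version": found, "vulnerable": vulnerable, "action": action}

if __name__ == "__main__":
    print(assess(SAMPLE_REQUIREMENTS, SAMPLE_LOCK))
```

A lockfile pin is only half the picture: a runtime image may carry a marimo install that no manifest in the repository describes, which is why the prompt also inspects environment metadata.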

Remediation strategy

  • Upgrade immediately to marimo>=0.23.0.
  • Place the service behind strong authentication and a reverse-proxy access policy.
  • Restrict network reachability (VPN / private subnet / IP allow-list).
  • Rotate credentials and secrets available to the marimo runtime if the service was internet-facing.

The prompt

You are remediating CVE-2026-39987 (Marimo pre-auth RCE) in this repository or
runtime image. Produce exactly one of:

1. A reviewer-ready PR that upgrades marimo to a fixed version and adds basic
   hardening controls.
2. TRIAGE.md if no safe patch path exists in this codebase.

## Rules

- Fix only CVE-2026-39987 scope.
- Prefer the smallest safe version bump to `>=0.23.0`.
- Do not auto-merge.
- If an internet-exposed runtime was vulnerable, include an incident-response
  checklist in the PR body.

## Steps

1. Detect the current marimo version from lockfiles and environment metadata.
2. If marimo is absent or already `>=0.23.0`, stop with a short triage note.
3. Update dependency manifests and lockfiles to a fixed marimo version.
4. Search for marimo launch points and add a hardening note (auth + network
   boundary) in ops docs or deployment manifest comments, without unrelated
   refactors.
5. Run project tests/lint.
6. Output:
   - PR title: `fix(sec): remediate CVE-2026-39987 in marimo`
   - PR body must include: affected version, fixed version, test output summary,
     and operator follow-ups (credential rotation if exposed).

## Stop conditions

- Patch would require unsupported major stack migration.
- No lockfile / deterministic dependency mechanism exists.
- Tests fail due to unrelated pre-existing failures.

Verification — what the reviewer looks for

  • Lockfile and manifest pin marimo to >=0.23.0.
  • No vulnerable marimo version remains in dependency tree.
  • Tests/lint are green or failures are clearly pre-existing.
  • PR includes runtime hardening follow-ups if service was internet-reachable.

References