Skip to content
#

pre-auth-rce

Star

Here is 1 public repository matching this topic...

keraattin / CVE-2026-39987

Star 0

CVE-2026-39987: Marimo Python Notebook Pre-Auth RCE (CVSS 9.3). Python & Nmap NSE detection scripts. Missing authentication on /terminal/ws WebSocket endpoint gives attackers a full PTY shell without any credentials. Exploited in the wild within 10 hours of disclosure. Fixed in Marimo 0.23.0.

websocket cybersecurity vulnerability-detection python-notebook nmap-scripts remote-code-execution nse-scripts marimo cve-2026-39987 pre-auth-rce
  • Updated Apr 15, 2026
  • Python

Improve this page

Add a description, image, and links to the pre-auth-rce topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the pre-auth-rce topic, visit your repo's landing page and select "manage topics."

Learn more