A critical remote code execution vulnerability in Marimo, identified as CVE-2026-39987, has been actively exploited in the wild, allowing attackers to deploy a blockchain-based backdoor via the Hugging Face platform. The flaw, which affects versions prior to 0.23.0 of the reactive Python notebook Marimo, was disclosed on April 9, 2026, but attackers had already begun exploiting it before the official announcement, marking it as a zero-day vulnerability.
CVE-2026-39987 is characterized by a lack of authentication validation in the terminal WebSocket endpoint `/terminal/ws`, which permits unauthenticated attackers to gain a full PTY shell and execute arbitrary system commands. This vulnerability has been assigned a CVSS score of 9.3, reflecting its critical nature, and has an Exploit Prediction Scoring System (EPSS) score of 0.070, indicating a moderate likelihood of exploitation.
The exploitation of this vulnerability has been swift and sophisticated. Within hours of its disclosure, attackers leveraged the flaw to spread a blockchain-based backdoor. This backdoor was disseminated through the Hugging Face platform, a popular repository for machine learning models, which was abused to facilitate the attack. The attackers' strategy involved weaponizing the vulnerability to inject malicious payloads that establish persistent access to compromised systems.
The rapid exploitation timeline underscores the urgency for organizations using Marimo to update to version 0.23.0 or later, where the vulnerability has been patched. The availability of at least five proof-of-concept exploits further exacerbates the risk, providing attackers with multiple avenues to exploit vulnerable systems.
Security experts emphasize the importance of immediate patching and monitoring for signs of compromise, particularly in environments where Marimo is deployed. Organizations should scrutinize network traffic for unusual activity and verify the integrity of systems connected to Hugging Face repositories.
As the cybersecurity community continues to analyze the scope and impact of these attacks, defenders are urged to remain vigilant and proactive in applying security updates and implementing robust access controls to mitigate the risk posed by this critical vulnerability.
CSURFACE