CVE-2026-39987

Marimo Remote Code Execution via Missing Authentication (CVE-2026-39987)

Initial Access Execution Privilege Escalation Last updated:

CVE-2026-39987 is a critical remote code execution vulnerability in the Marimo reactive notebook framework caused by missing authentication (CWE-306) for critical server-side functions. An unauthenticated remote attacker can invoke kernel execution endpoints to run arbitrary Python code in the context of the Marimo server process. This vulnerability is actively exploited in the wild and listed on the CISA KEV catalog.

Vulnerability Intelligence

KEV — Known Exploited

Affected Software

Vendor
Marimo
Product
Marimo

Weakness (CWE)

CWE-306

Timeline

Disclosed
April 23, 2026

CVSS

Unscored
Write-up coming soon

What is CVE-2026-39987 Marimo Remote Code Execution via Missing Authentication (CVE-2026-39987)?

Marimo Remote Code Execution via Missing Authentication (CVE-2026-39987) (CVE-2026-39987) maps to the Initial Access and Execution and Privilege Escalation tactics — the adversary is trying to get into your network in MITRE ATT&CK.

This page provides production-ready detection logic for Marimo Remote Code Execution via Missing Authentication (CVE-2026-39987), covering the data sources and telemetry it touches: Microsoft Defender for Endpoint, Microsoft Sentinel DeviceNetworkEvents, DeviceProcessEvents. The queries below are rated critical severity at medium confidence, and ship for 7 SIEM platforms — KQL, SPL, Elastic, QRadar, Sumo, YARA-L, LogScale.

MITRE ATT&CK

Tactic
Initial Access Execution Privilege Escalation
Microsoft Sentinel / Defender
kusto 
let MarimoDefaults = dynamic([2718, 8080, 8000]);
DeviceNetworkEvents
| where TimeGenerated > ago(24h)
| where InitiatingProcessFileName =~ "marimo" or InitiatingProcessCommandLine has "marimo"
| join kind=inner (
    DeviceProcessEvents
    | where TimeGenerated > ago(24h)
    | where InitiatingProcessFileName =~ "marimo" or FileName =~ "python" or FileName =~ "python3"
    | where ProcessCommandLine has_any ("exec", "eval", "__import__", "subprocess", "os.system", "shell=True", "Popen")
) on DeviceId
| union (
    DeviceNetworkEvents
    | where TimeGenerated > ago(24h)
    | where RemotePort in (MarimoDefaults)
    | where InitiatingProcessFileName !in~ ("marimo", "python", "python3")
    | extend Suspicious = "Unexpected process accessing Marimo port"
)
| project TimeGenerated, DeviceId, DeviceName, InitiatingProcessFileName, InitiatingProcessCommandLine, RemoteIP, RemotePort, ActionType
| extend AlertDetail = "Potential CVE-2026-39987 exploitation: unauthenticated Marimo RCE"

Detects suspicious process execution originating from the Marimo notebook server, including Python subprocesses with shell execution patterns, and unexpected processes communicating on Marimo's default ports. Targets endpoint telemetry to identify post-exploitation activity following unauthenticated RCE.

critical severity medium confidence

Data Sources

Microsoft Defender for Endpoint Microsoft Sentinel DeviceNetworkEvents DeviceProcessEvents

Required Tables

DeviceNetworkEvents DeviceProcessEvents

False Positives

  • Legitimate Marimo notebooks executing system commands as part of normal data science workflows
  • Automated CI/CD pipelines running Marimo notebooks that invoke subprocess calls
  • Security researchers or developers testing Marimo features locally on internal networks
  • Marimo server processes binding to standard ports during normal startup on shared developer machines

Sigma rule & cross-platform mapping

The detection logic for Marimo Remote Code Execution via Missing Authentication (CVE-2026-39987) (CVE-2026-39987) above is provided in a vendor-neutral form so you can deploy it on any SIEM. The same logic is shipped here as native KQL (Microsoft Sentinel / Defender), SPL (Splunk), Elastic (Elastic Security (EQL)), QRadar (IBM QRadar (AQL)), Sumo (Sumo Logic CSE), YARA-L (Google Chronicle / SecOps), LogScale (CrowdStrike LogScale (CQL)) queries. In Sigma terms, this detection targets the following logsource: 

logsource:
  category: process_creation
  product: windows

Browse the community-maintained Sigma rules for this technique:

SigmaHQ rules for CVE-2026-39987 Sigma rules on detection.fyi

Platform-specific guides for CVE-2026-39987

Detect in Microsoft Sentinel (KQL) Detect in Splunk (SPL) Detect in Elastic Security (Elastic) Detect in IBM QRadar (QRadar) Detect in Sumo Logic CSE (Sumo) Detect in Google Chronicle (YARA-L) Detect in CrowdStrike LogScale (LogScale)
Last updated: 2026-06-19 Research depth: standard
References (2)

Testing Methodology

Validate this detection against 3 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1Unauthenticated Marimo Kernel RCE via HTTP POST

    Expected signal: HTTP POST to Marimo port 2718 from loopback or external IP; new child process (sh or bash) spawned under the Marimo/Python process; creation of /tmp/marimo_rce_test.txt by the Marimo server user

  2. Test 2Marimo RCE Reverse Shell Simulation

    Expected signal: Outbound TCP connection from Marimo Python process to loopback port 9999; /bin/sh spawned as child of Python under Marimo server; socket.connect syscall in audit logs

  3. Test 3Marimo Persistence via Cron Injection through RCE

    Expected signal: subprocess.run executing bash crontab command as Marimo server user; crontab modification event in audit logs; new cron entry for the Marimo user account

Unlock Pro Content

Get the full detection package for CVE-2026-39987 including response playbook, investigation guide, and atomic red team tests.

Response PlaybookInvestigation GuideHunting QueriesAtomic Red Team TestsTuning Guidance
Sign Up for Pro View Pricing

Related Detections

Tactic Hubs

TA0001Initial AccessTA0002ExecutionTA0004Privilege Escalation

Related Techniques

T1190Exploit Public-Facing ApplicationT1059.006PythonT1203Exploitation for Client Execution

Same Tactic: Initial Access

Popular Detections