id: CVE-2026-39987

info:
  name: Marimo < 0.23.0 Pre-Auth RCE
  author: Security Researcher
  severity: critical
  description: Marimo versions prior to 0.23.0 have unauthenticated RCE via /terminal/ws
  reference:
    - https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc
  classification:
    cvss-score: 9.3
    cve-id: CVE-2026-39987
  metadata:
    verified: true
  tags: cve,cve2026,marimo,rce

http:
  # Fingerprint step: confirm the host serves the Marimo favicon before any
  # further request is sent. Marked internal so this step on its own never
  # produces a finding.
  - method: GET
    path:
      - '{{BaseURL}}/favicon.ico'
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'mmh3(base64_py(body)) == -1864630356'
        condition: and
        internal: true

  # Version step: pull the 0.x.y version string out of /api/version and
  # require it to be older than the fixed release (0.23.0).
  # NOTE(review): the DSL matcher reads `version` from an extractor declared on
  # the same request; extractors whose output is reused elsewhere normally carry
  # `internal: true` — confirm the value is visible to this matcher as written.
  - method: GET
    path:
      - '{{BaseURL}}/api/version'
    extractors:
      - type: regex
        name: version
        group: 1
        regex:
          - '(0\.[0-9]+\.[0-9]+)'
        part: body
    matchers:
      - type: dsl
        dsl:
          - 'compare_versions(version, "< 0.23.0")'

  # Endpoint step: a 101 Switching Protocols from the terminal WebSocket route is
  # treated as the endpoint being reachable. Only a bare GET is sent; no body or
  # terminal input is transmitted, so this is a non-intrusive reachability check.
  # NOTE(review): a 101 normally needs a WebSocket upgrade handshake (Upgrade and
  # Connection headers). Confirm a plain GET really gets 101 from Marimo; if not,
  # this matcher can never fire and vulnerable hosts are silently missed.
  - method: GET
    path:
      - '{{BaseURL}}/terminal/ws'
    matchers:
      - type: status
        status:
          - 101