Pre-Auth RCE in Marimo /terminal/ws WebSocket Endpoint

This repository is a small standalone Python exploit PoC for CVE-2026-39987, described as a pre-authentication remote code execution issue affecting Marimo versions earlier than 0.23.0. The repository contains one substantive code file (CVE-2026-39987.py), plus a README, dependency list, license, and an auxiliary Dork.txt file with internet-search fingerprints. The main exploit flow is straightforward: it normalizes the supplied target URL, optionally probes /favicon.ico and /api/version to confirm the application and extract a version string, then builds a WebSocket URL to /terminal/ws using ws:// or wss:// depending on the original scheme. If the target appears vulnerable or the operator uses --no-check, the script connects to the terminal WebSocket and attempts to execute attacker-supplied commands. Based on the README and visible code structure, it supports three operator modes: single command execution, pseudo-interactive shell access, and generated reverse shell execution. Notable exploit capabilities include unauthenticated command execution, interactive terminal-style access, and reverse shell payload generation using operator-provided callback IP and port. SSL certificate validation is explicitly disabled for HTTPS/WSS targets, improving compatibility against self-signed deployments. The script also includes dependency checks and user-facing CLI argument parsing, indicating it is intended for direct operational use rather than just demonstrating a minimal bug trigger. Fingerprintable target endpoints are concentrated around /api/version, /favicon.ico, and especially /terminal/ws, which is the exploitation path. The Dork.txt file is auxiliary reconnaissance material and contains multiple Shodan/FOFA/Censys search fingerprints; however, most of those appear generic and not specific to Marimo. Overall, this is a real exploit PoC rather than a detector, and its maturity is best classified as OPERATIONAL because it includes practical exploitation logic and payload support, but not a broader framework or highly modular payload system.

This repository is a small standalone proof-of-concept exploit for CVE-2026-39987, described here as a pre-authentication remote code execution issue in Marimo versions prior to 0.23.0. The main exploit is CVE-2026-39987-poc.py, a Python script using the websocket-client library. It accepts a target URL and an arbitrary command, converts http/https targets into ws/wss, connects to the target WebSocket terminal endpoint at /terminal/ws, drains initial PTY output, sends the supplied command with a newline, and prints returned output until timeout or marker text. Its core capability is unauthenticated remote command execution through an exposed terminal WebSocket, effectively yielding shell-like access with the privileges of the Marimo process. Repository structure is minimal: one Python exploit, a README documenting the vulnerability and usage, and a docker-vulnerable lab containing a Dockerfile and docker-compose.yml. The Docker lab installs marimo==0.22.3, exposes port 2718, binds to 0.0.0.0, and disables authentication/token protections, creating a reproducible vulnerable environment. The exploit is not part of a larger framework and is operational rather than weaponized: it supports arbitrary operator-supplied commands but does not include advanced payload staging, persistence, or automation beyond command execution. Fingerprintable targets and observables include the /terminal/ws endpoint, TCP port 2718, host binding 0.0.0.0, and filesystem paths used in examples and the lab such as /app/notebooks, /etc/passwd, /etc/os-release, and /root/.bash_history. Overall, the repository’s purpose is to demonstrate and validate unauthenticated WebSocket terminal access leading to RCE against vulnerable Marimo deployments.

This repository is a local Docker lab and exploit demonstration for CVE-2026-39987, a pre-authentication RCE in marimo’s terminal WebSocket endpoint /terminal/ws. The repo contains two containerized environments: a vulnerable marimo 0.20.4 instance under vuln/ and a patched marimo 0.23.0 instance under patched/, both launched with marimo edit in headless mode on container port 2718 and exposed locally as 127.0.0.1:8081 and 127.0.0.1:8082. The notebook files are minimal and exist only to start the marimo edit server. The exploit logic is in poc/poc.py and poc/rce_poc.py. poc.py is a constrained proof-of-execution script: it validates that the supplied base URL is localhost-only, converts it to a WebSocket URL ending in /terminal/ws, connects without authentication, sends a benign shell command sequence (id; whoami; hostname) bracketed by markers, receives PTY output, strips ANSI/control noise, and reports vulnerability if uid= appears in the captured output. This is a real exploit path because it performs unauthenticated command execution, not just detection. poc/rce_poc.py is a less restricted interactive client that connects to the same endpoint and provides an operator-driven shell-like interface over the WebSocket, making it more capable than the benign PoC. Repository structure is straightforward: docker-compose.yml orchestrates both services with localhost-only bindings and container hardening; vuln/ and patched/ each contain a Dockerfile and notebook; poc/ contains the exploit scripts and Python dependencies; README.md documents the vulnerability, setup, and expected behavior; SAFETY.md defines local-only guardrails. Overall, the repository’s purpose is to compare vulnerable versus patched behavior and demonstrate that unauthenticated access to /terminal/ws can yield command execution as the marimo process user.

This repository is a small self-contained exploit lab for CVE-2026-39987 affecting marimo. It contains four files: a Python exploit (`exploit.py`), a vulnerable target container definition (`Dockerfile.target`), a Docker Compose lab environment (`docker-compose.yml`), and a detailed walkthrough (`README.md`). The overall purpose is to reproduce and study a pre-authentication remote code execution condition caused by an authentication bypass on marimo's terminal WebSocket endpoint. The main exploit capability is in `exploit.py`. It connects directly to a user-supplied WebSocket URL, intended to be `ws://<target>:2718/terminal/ws`, using the `websocket-client` library. After connecting, it drains any initial PTY/banner output, then either: (1) sends a single shell command and returns the output (`exec` mode), or (2) provides an interactive shell loop (`shell` mode). The exploit does not perform authentication, token handling, or session negotiation; it relies entirely on the vulnerable endpoint accepting the WebSocket connection unauthenticated. Output parsing is basic but functional: it reads until timeout or until a shell prompt ending in `#` or `$` is observed. The target environment is intentionally configured to demonstrate impact clearly. `Dockerfile.target` installs `marimo==0.20.4`, creates a notebook directory under `/app/notebooks`, exposes TCP port 2718, and launches `marimo edit --host 0.0.0.0 --port 2718 --token .`. `docker-compose.yml` publishes port 2718 to the host and explicitly runs the target container as root, so successful exploitation yields root-level command execution inside the container. The README explains the vulnerability model: normal endpoints such as `/` and `/ws` enforce authentication, but `/terminal/ws` allegedly accepts WebSocket connections without validating auth when marimo is in edit mode and terminal support is enabled. The exploit therefore targets a web/network attack surface, specifically an unauthenticated WebSocket endpoint. This is a real exploit PoC rather than a detector: it provides direct command execution and an interactive shell, making it operational but not heavily weaponized.

This repository is a standalone Python exploit tool for CVE-2026-39987, described as an unauthenticated WebSocket pre-auth RCE in Marimo versions prior to 0.23.0. The repository is small and simple: one main Python script (CVE-2026-39987.py), a README with usage and vulnerability details, and a license file. No external exploit framework is used. The main script is an operational mass scanner/exploitation utility rather than a minimal proof of concept. It imports websockets, requests, asyncio, threading, and rich, indicating concurrent network exploitation with formatted console output. The code defines output artifacts under nx_output/ and uses worker threads to process many targets concurrently. Based on the visible constants and README, the exploit connects to the vulnerable /terminal/ws endpoint over ws:// or wss:// to obtain a PTY shell without authentication. Beyond initial shell access, the script contains environment profiles for multiple deployment types including Marimo, cPanel, Plesk, Apache, Nginx, and Python app environments. These profiles enumerate likely web roots, config directories, log locations, and credential files. The exploit appears designed to run post-compromise discovery commands through the shell to identify privilege level, enumerate notebooks and users, inspect SSH/config/log files, harvest tokens and credentials, and probe for databases. It also attempts a proof-of-write/web verification step by dropping a marker file such as Nx.py or Nx.php into likely web roots and then checking HTTP-accessible paths like /Nx.php or /api/files/Nx.py for the string "Nxploited". Fingerprintable targets and paths are abundant in the code: the primary network target is /terminal/ws, while many filesystem paths are hardcoded for enumeration and credential access, including /root/.my.cnf, /etc/mysql/debian.cnf, /etc/psa/.psa.shadow, /etc/apache2, /etc/nginx, /var/log/nginx, /var/log/apache2, /var/www/html, and /etc/shadow. The README also documents example target formats and the common Marimo port 2718. Overall, this is a real exploit repository with offensive capability: it provides unauthenticated remote command execution against vulnerable Marimo instances and automates extensive host discovery and data collection after access is obtained.

Repository contains three Python utilities, one README, and one HTML helper page. The core purpose is exploitation of an alleged Marimo pre-auth remote code execution issue via unauthenticated WebSocket access to /terminal/ws on port 2718. CVE-2026-39987_exploit.py is a simple interactive exploit that opens a ws:// or wss:// connection and forwards stdin/stdout for shell-like interaction. CVE-2026-39987_scanner.py is a more aggressive probe script that connects to the same endpoint and sends hardcoded commands to confirm execution, including sensitive file reads. exploit_fast.py is the most feature-rich implementation: it optionally checks /api/version, compares versions against <0.23.0, supports single-command execution, interactive mode, and reverse-shell payload generation. The payload format in exploit_fast.py differs from the simpler exploit/scanner by sending JSON objects with type=exec and command fields, suggesting either multiple protocol assumptions or inconsistent understanding of the target protocol. website.html appears to be a local command-reference UI rather than exploit logic. Overall, this is a standalone Python exploit repository, not tied to a major framework. It is operational because it includes working exploit routines and payload generation, but payload customization is basic and mostly operator-supplied. The repository also shows internal inconsistency in claimed affected versions (README says <=0.20.4 while exploit_fast.py checks <0.23.0), which reduces confidence in targeting accuracy.

Repository contains a Python proof-of-concept exploit and a Nuclei template for CVE-2026-39987, targeting Marimo versions earlier than 0.23.0. The main exploit script, CVE-2026-39987_PoC.py, performs optional passive checks against /favicon.ico and /api/version, then converts the supplied base URL into a ws:// or wss:// connection to /terminal/ws and uses that unauthenticated terminal WebSocket to execute attacker-supplied commands. The script supports three main modes: one-shot command execution, interactive shell mode, and reverse shell generation using an operator-supplied callback IP and port. SSL verification is disabled for HTTPS targets, and the script includes basic operator prompts and dependency checks. The repository also includes CVE-2026-39987_nuclei.yaml, which is a detection template rather than an exploit; it fingerprints Marimo via favicon hash -1864630356, extracts the version from /api/version, and checks whether /terminal/ws responds as a WebSocket endpoint. Supporting files include README.md with usage examples, impact notes, remediation guidance, and example commands, plus requirements.txt and a short installation/usage note. Overall, this is a functional operational PoC for unauthenticated remote command execution against exposed vulnerable Marimo instances, accompanied by a scanner template for identification.