An internet-reachable Marimo notebook was compromised through exploitation of CVE-2026-39987, a pre-authenticated remote code execution flaw affecting Marimo versions up to and including 0.20.4. After compromise, the attacker extracted two cloud credentials from the host and replayed them through a distributed egress pool to access AWS Secrets Manager. An SSH private key was retrieved from AWS Secrets Manager and used to authenticate to an SSH bastion server. The bastion phase exfiltrated the schema and full contents of an internal PostgreSQL database in under two minutes. The activity was recorded on May 10, 2026, and the full attack chain lasted a little over an hour, with an LLM agent driving post-compromise actions.
"The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised host, replayed them through a fanned-out egress pool to retrieve an SSH private key from AWS Secrets Manager, and used that key to drive eight short SSH sessions against a downstream SSH bastion server,"
"The bastion phase exfiltrated the schema and full contents of an internal PostgreSQL database in under two minutes."
"CVE-2026-39987 refers to a critical pre-authenticated remote code execution vulnerability impacting all versions of Marimo prior to and including 0.20.4. It allows an unauthenticated attacker to execute arbitrary system commands. The issue was addressed in version 0.23.0, released last month."
"Minutes later, the threat actor is said to have carried out the first SSH authentication on the SSH bastion server using the retrieved key, followed by launching eight parallel SSH sessions against the downstream server to siphon an internal PostgreSQL database. The end-to-end attack chain lasted a little over an hour."
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]