Security Release - CWE-306 - Remote Code Execution via Terminal WebSocket Authentication Bypass

<aside>

If you have a deployment of marimo exposed to the public, please upgrade to

marimo>=0.23.0

</aside>

Summary

The /terminal/ws endpoint is accessible without authentication on default marimo installations. This allows for unauthenticated users to remote execute code via this endpoint

Advisory: https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc

CWE-306: Missing Authentication for Critical Function

CVE: CVE-2026-39987

What versions are affected

marimo <= 0.22.5

Who is affected

If you have deployed marimo as an editable notebook (not an application) to the public internet and only using marimo’s built-in authentication.
If you expose marimo to your shared network using --host 0.0.0.0 and while in edit mode (not an application).

Likely not affected

You are not affected if any of these are true.

If you have your own authentication proxy on top of editable marimo notebooks.
If you are not exposing marimo to the public internet
If you are running marimo as an application (in run mode)
WebAssembly (WASM) notebooks are not affected