marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
Title source: cna
Exploitation Summary
CVE-2026-39987 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 23, 2026. EIP tracks 13 public exploits from researchers including adminlove520, jenniferreire26, HORKimhab. A Nuclei detection template is also available.
AI-analyzed exploit summary
This repository contains a functional Python-based exploit for CVE-2026-39987, targeting a pre-authentication RCE vulnerability in Marimo versions < 0.23.0 via WebSocket manipulation. The PoC includes both single-command execution and interactive shell modes, with additional features for target verification and reverse shell payload generation.
Description
marimo is a reactive Python notebook. Prior to 0.23.0, marimo has a pre-auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, so an unauthenticated attacker who can reach the server port can obtain a full PTY shell and execute arbitrary system commands as the user running marimo. Unlike other WebSocket endpoints (e.g., /ws), which correctly call validate_auth() before accepting a connection, the /terminal/ws endpoint only checks the running mode and platform support, skipping authentication entirely. This vulnerability is fixed in 0.23.0.
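The following is an added model of the authorization gate the description talks about, not marimo's source: a vulnerable handler that gates only on mode and platform, beside a corrected one that runs the same kind of authentication check as /ws before accepting the upgrade. FakeWebSocket, AppState, the token scheme and the helper names are assumptions made for this illustration; validate_auth() mirrors only the role the advisory assigns to that function.

```python
"""Model of the /terminal/ws authorization gate: the vulnerable ordering
beside the corrected one. Constructed illustration, not marimo's source.
FakeWebSocket, AppState and the token scheme are assumptions for the example;
validate_auth() mirrors only the role the advisory describes for it."""
import asyncio
import hmac
from dataclasses import dataclass, field

WS_POLICY_VIOLATION = 1008  # RFC 6455 close code for a rejected connection


@dataclass
class FakeWebSocket:
    """Stand-in for a Starlette-style WebSocket; records what the handler did."""
    headers: dict
    query: dict
    events: list = field(default_factory=list)

    async def accept(self) -> None:
        self.events.append("accept")

    async def close(self, code: int = 1000) -> None:
        self.events.append(f"close:{code}")


@dataclass
class AppState:
    mode: str            # "edit" or "run"; the terminal is only offered in edit mode
    pty_supported: bool  # platform check the endpoint already performs
    auth_token: str      # server-side secret the client must present


def validate_auth(ws: FakeWebSocket, state: AppState) -> bool:
    """Bearer/query token check with a constant-time comparison, the role /ws gives validate_auth()."""
    presented = ws.query.get("access_token") or \
        ws.headers.get("authorization", "").removeprefix("Bearer ")
    return hmac.compare_digest(presented.encode(), state.auth_token.encode())


async def terminal_ws_vulnerable(ws: FakeWebSocket, state: AppState) -> bool:
    # Only mode and platform gate the connection; auth is never consulted,
    # so anyone who can reach the port gets a PTY.
    if state.mode != "edit" or not state.pty_supported:
        await ws.close(WS_POLICY_VIOLATION)
        return False
    await ws.accept()
    return True


async def terminal_ws_fixed(ws: FakeWebSocket, state: AppState) -> bool:
    if state.mode != "edit" or not state.pty_supported:
        await ws.close(WS_POLICY_VIOLATION)
        return False
    if not validate_auth(ws, state):
        # Reject before accept(): the upgrade never completes and no PTY is spawned.
        await ws.close(WS_POLICY_VIOLATION)
        return False
    await ws.accept()
    return True


def run(handler, ws: FakeWebSocket, state: AppState) -> bool:
    """Drive a handler to completion; True means a PTY would have been attached."""
    return asyncio.run(handler(ws, state))


if __name__ == "__main__":
    state = AppState(mode="edit", pty_supported=True, auth_token="example-token")
    anon = FakeWebSocket(headers={}, query={})
    print("vulnerable, no credentials:", run(terminal_ws_vulnerable, anon, state), anon.events)
    anon = FakeWebSocket(headers={}, query={})
    print("fixed, no credentials:     ", run(terminal_ws_fixed, anon, state), anon.events)
```

The ordering is the point: the credential check must sit before accept(), on the same code path as the mode and platform checks, so an unauthenticated client never completes the upgrade. A check placed after accept() would still let the handshake succeed and leave the PTY lifetime dependent on the handler noticing the failure.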
Exploits (13)
This repository contains a functional Python-based exploit for CVE-2026-39987, targeting a pre-authentication RCE vulnerability in Marimo versions < 0.23.0 via WebSocket manipulation. The PoC includes both single-command execution and interactive shell modes, with additional features for target verification and reverse shell payload generation.
The repository claims to provide an exploit for CVE-2026-39987, an unauthenticated stored XSS leading to RCE in marimo, but only includes a README with vague details and a link to an external download. No actual exploit code is present.
The repository contains no actual exploit code or technical details about CVE-2026-39987. It only includes a template file, a generic README with placeholder instructions, and a license file.
The repository contains only a LICENSE file with no exploit code, technical details, or proof-of-concept implementation. It lacks any substantive content related to CVE-2026-39987.
This repository contains a functional exploit for CVE-2026-39987, a pre-authentication RCE vulnerability in Marimo via an unauthenticated WebSocket terminal endpoint. The PoC establishes a WebSocket connection to `/terminal/ws`, drains initial output, and executes arbitrary commands.
This repository contains a functional exploit PoC for CVE-2026-39987, demonstrating a pre-authentication RCE vulnerability in marimo's terminal WebSocket endpoint. The lab includes Dockerized vulnerable and patched environments, along with scripts to verify the vulnerability by executing benign commands.
This repository contains a functional exploit for CVE-2026-39987, demonstrating a pre-authentication remote code execution vulnerability in marimo via a WebSocket authentication bypass. The exploit includes both single-command execution and interactive shell capabilities.
The repository contains a functional Python exploit for CVE-2026-39987, demonstrating a pre-authentication RCE vulnerability in Marimo via an unauthenticated WebSocket connection to `/terminal/ws`. The repository states an affected range of <= 0.20.4, which is narrower than the advisory's range of all versions prior to 0.23.0. The exploit includes both endpoint verification and a full interactive PTY shell payload.
The repository contains a mass scanner for CVE-2026-39987, targeting Marimo's unauthenticated WebSocket RCE vulnerability. It includes detection logic for various environments (e.g., cPanel, Plesk, Apache) but does not contain functional exploit code for achieving RCE.
This repository contains a Python script that detects Marimo notebook instances vulnerable to CVE-2026-39987 by checking for exposed WebSocket endpoints and version information. It does not include exploit code but performs safe detection checks.
This repository contains a functional exploit for CVE-2026-39987, targeting a WebSocket-based authentication bypass vulnerability in Marimo software. The exploit establishes a WebSocket connection to a vulnerable endpoint and provides an interactive shell, demonstrating remote code execution (RCE) capabilities.
This repository contains a functional Python-based exploit for CVE-2026-39987, targeting Marimo versions below 0.23.0 via an unauthenticated WebSocket RCE vulnerability. The PoC includes both single-command execution and interactive shell modes, along with version detection logic.
The repository contains a Python-based scanner that detects vulnerable versions of Marimo by checking the version endpoint and favicon. It does not exploit the vulnerability but confirms the presence of vulnerable versions.
Nuclei Templates (1)
Shodan favicon query from the template metadata: http.favicon.hash:-1864630356
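The favicon hash above is the Shodan-style fingerprint (MurmurHash3 x86_32 over the favicon's line-wrapped base64 text) that discovery tooling uses to find marimo instances. The block below is an added example of reproducing that fingerprint offline, not the Nuclei template itself and not marimo code; MurmurHash3 is implemented inline so the example does not depend on the mmh3 package, the sample favicon bytes are constructed, and the only page-derived value is the expected hash -1864630356.

```python
"""Reproduce the Shodan/Nuclei favicon fingerprint without the mmh3 dependency.
Added example, not the template or marimo code. SAMPLE_FAVICON is constructed
input; MARIMO_FAVICON_HASH is the value listed on this page."""
import base64

MARIMO_FAVICON_HASH = -1864630356  # http.favicon.hash value from the Nuclei template

# Constructed stand-in for a favicon (ICO header bytes plus filler); not marimo's icon.
SAMPLE_FAVICON = b"\x00\x00\x01\x00" + bytes(range(96))


def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86_32 returned as a signed 32-bit int, matching mmh3.hash()."""
    c1, c2, mask = 0xCC9E2D51, 0x1B873593, 0xFFFFFFFF
    h1 = seed & mask
    n = len(data)
    body_end = n & ~3
    for i in range(0, body_end, 4):  # 4-byte little-endian blocks
        k1 = int.from_bytes(data[i:i + 4], "little")
        k1 = (k1 * c1) & mask
        k1 = ((k1 << 15) | (k1 >> 17)) & mask
        k1 = (k1 * c2) & mask
        h1 ^= k1
        h1 = ((h1 << 13) | (h1 >> 19)) & mask
        h1 = (h1 * 5 + 0xE6546B64) & mask
    tail = data[body_end:]
    if tail:  # 1 to 3 trailing bytes, zero-padded in the high positions
        k1 = int.from_bytes(tail, "little")
        k1 = (k1 * c1) & mask
        k1 = ((k1 << 15) | (k1 >> 17)) & mask
        k1 = (k1 * c2) & mask
        h1 ^= k1
    h1 ^= n  # finalisation mix
    h1 ^= h1 >> 16
    h1 = (h1 * 0x85EBCA6B) & mask
    h1 ^= h1 >> 13
    h1 = (h1 * 0xC2B2AE35) & mask
    h1 ^= h1 >> 16
    return h1 - (1 << 32) if h1 & 0x80000000 else h1


def favicon_hash(favicon: bytes) -> int:
    """Shodan favicon hash: mmh3 over base64 text wrapped at 76 columns with a trailing newline.
    base64.encodebytes() produces exactly that wrapping; plain b64encode() gives a different hash."""
    return murmur3_32(base64.encodebytes(favicon))


def matches_marimo(favicon: bytes) -> bool:
    """True when the served favicon carries the fingerprint the template searches for."""
    return favicon_hash(favicon) == MARIMO_FAVICON_HASH


if __name__ == "__main__":
    print("sample favicon hash:", favicon_hash(SAMPLE_FAVICON))
    print("matches marimo fingerprint:", matches_marimo(SAMPLE_FAVICON))
```

A favicon match only says the host is probably serving marimo's UI; it says nothing about the version. Treat it as a discovery filter and confirm exposure against the fixed boundary (anything prior to 0.23.0 is affected) before reporting a host as vulnerable.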
References (5)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8, Critical)