EPSS: 79.6% probability, 99.1th percentile (2026-05-12)
Affected versions
All Marimo releases prior to the vendor's fixed release
Summary
This is a pre-authentication remote code execution vulnerability in Marimo. It allows unauthenticated remote attackers to gain full shell access and execute arbitrary system commands on affected hosts. The vulnerability has a CVSS v3 score of 9.8 and is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Remediation
Apply the vendor's security patch for this vulnerability as soon as possible. Block all public access to affected Marimo instances until patching is complete. Follow CISA BOD 22-01 guidance for mitigating known exploited vulnerabilities.
Exploit info
An exploit has been publicly disclosed, and references to this issue are documented in trusted public vulnerability databases. Exploit-DB and GitHub may be checked for further exploit details.