Critical Marimo RCE Vulnerability Under Active Exploitation

A critical pre-authentication remote code execution vulnerability in Marimo is now under active exploitation, according to security reports. The flaw allows attackers to execute arbitrary code without credentials and is being leveraged for credential theft. Marimo is an open-source reactive notebook environment for Python that has gained popularity among data scientists and developers. The vulnerability affects instances exposed to the internet, where attackers can exploit the flaw to gain full system access. Security researchers have observed active exploitation in the wild, with threat actors using the vulnerability to steal credentials and establish persistence on compromised systems. Organizations running Marimo instances are advised to restrict network access and apply security updates immediately. The Marimo development team has acknowledged the issue and is working on a patch. In the meantime, security professionals recommend disabling public access to Marimo installations and implementing network segmentation to limit exposure.