SeverityCRITICAL
Repositorymarimo-team/marimo
PublishedApr 8, 2026, 9:50 PM
Ref78489d4621dc4358dc5974af0c727feb0b7331cb
Advisory summary
Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
Curator analysis
Synopsis
The terminal WebSocket endpoint accepts unauthenticated connections and then spawns an interactive PTY shell, enabling pre-auth command execution.
Vulnerability classes
authentication bypassremote code execution
Sink hints
marimo/_server/api/endpoints/terminal.py
The /terminal/ws handler was patched to add validate_auth() before accepting the websocket; this file contains both the missing auth check and the terminal/PTY execution path.
tests/_server/api/endpoints/test_terminal.py
The fix adds regression tests showing that /terminal/ws must reject missing or wrong access_token values, confirming the intended authentication boundary for the vulnerable endpoint.
Expected components
terminal websocket endpointwebsocket authentication validationPTY shell creation
Model scores(5)
openai/gpt-5.4excellent
96.00View trace
Target Alignment
98
Source To Sink Reasoning
97
Impact And Exploitability
95
Evidence Quality
93
Overclaim Control
96
anthropic/claude-opus-4.6excellent
93.10View trace
Target Alignment
96
Source To Sink Reasoning
95
Impact And Exploitability
92
Evidence Quality
88
Overclaim Control
86
moonshotai/kimi-k2.5excellent
91.00View trace
Target Alignment
30
Source To Sink Reasoning
28
Impact And Exploitability
17
Evidence Quality
9
Overclaim Control
7
z-ai/glm-5.1excellent
90.00View trace
Target Alignment
29
Source To Sink Reasoning
29
Impact And Exploitability
17
Evidence Quality
9
Overclaim Control
6
google/gemini-3.1-pro-previewexcellent
89.00View trace
Target Alignment
29
Source To Sink Reasoning
28
Impact And Exploitability
17
Evidence Quality
8
Overclaim Control
7