Share
## https://sploitus.com/exploit?id=FFA02F58-5734-5845-A247-E93976549DE5
# CVE-2026-39987 | Marimo Pre-Auth RCE Exploit
**Military Grade Exploitation Framework** | **CVSS 9.3 (Critical)** | **Affected: Marimo โค 0.20.4**
---
## ๐ Table of Contents
- [Overview](#overview)
- [Installation](#installation)
- [Usage - Exploit Commands](#usage---exploit-commands)
- [Interactive Shell Commands](#interactive-shell-commands)
- [System Information](#system-information)
- [File System Navigation](#file-system-navigation)
- [Sensitive Files](#sensitive-files)
- [Network Reconnaissance](#network-reconnaissance)
- [Process & Service Enumeration](#process--service-enumeration)
- [Privilege Escalation](#privilege-escalation)
- [Persistence & Backdoors](#persistence--backdoors)
- [Data Exfiltration](#data-exfiltration)
- [Lateral Movement](#lateral-movement)
- [Miscellaneous](#miscellaneous)
---
## Overview
This exploit targets Marimo applications running WebSocket on port `2718` (default). The vulnerability allows unauthenticated command execution through a WebSocket authentication bypass.
**Attack Vector:** WebSocket Auth Bypass
**Shell Type:** Interactive PTY
**Impact:** Full Remote Code Execution (RCE)
---
## Installation
```bash
pip install websocket-client colorama rich pyfiglet
git clone https://github.com/your-repo/CVE-2026-39987.git
cd CVE-2026-39987