Tag
Marimo versions 0.20.4 and earlier contain a pre-authentication remote code execution vulnerability in the `/terminal/ws` WebSocket endpoint, allowing unauthenticated attackers to execute arbitrary system commands, resulting in a full interactive root shell.