VulnHub

Real-time Cybersecurity News

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

The Hacker News
Actively Exploited
2 Sources
Reporting on this topic
The Hacker NewsSecurity Affairs
CVEVulnerabilityRCECritical

Overview

A serious vulnerability in Marimo, an open-source Python notebook designed for data science, has been exploited within just 10 hours of being made public. The flaw, identified as CVE-2026-39987, allows attackers to execute remote code without needing authentication, affecting all versions of Marimo up to and including the latest release. Researchers from Sysdig reported this rapid exploitation, underscoring the urgency for users to address this security gap. Organizations using Marimo need to prioritize patching their installations to avoid potential breaches, as the high CVSS score of 9.3 indicates a significant risk. The swift exploitation of this vulnerability serves as a reminder of the importance of timely updates and security practices in software development.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: All versions of Marimo prior to and including the latest release
  • Action Required: Users should immediately update to the latest version of Marimo to mitigate the risk associated with this vulnerability.
  • Timeline: Disclosed on [date of disclosure]

Original Article Summary

A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a pre-authenticated remote code execution vulnerability impacting all versions of Marimo prior to and including

Impact

All versions of Marimo prior to and including the latest release

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Disclosed on [date of disclosure]

Remediation

Users should immediately update to the latest version of Marimo to mitigate the risk associated with this vulnerability.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Vulnerability, RCE, and 1 more.

Multiple Sources: This threat is being reported by 2 different security sources, indicating significant concern within the cybersecurity community.

Read Original Article

Related Coverage

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

The Hacker News

A threat actor has been exploiting a vulnerability in Marimo notebooks, specifically CVE-2026-39987, to gain unauthorized access. After taking control of a publicly accessible notebook, the attacker utilized a large language model (LLM) agent to carry out further actions. They extracted cloud credentials from the compromised system, which could potentially lead to additional breaches or data leaks. This incident raises concerns for organizations using Marimo products, as it demonstrates how quickly attackers can adapt and use advanced tools for post-exploitation activities. Companies must remain vigilant and ensure their systems are secured against such vulnerabilities.

May 29, 2026

CVE-2026-39987: Marimo RCE exploited in hours after disclosure

Security Affairs

A serious vulnerability in the open-source Python notebook tool Marimo, identified as CVE-2026-39987, has been exploited within just 10 hours of its disclosure on April 8, 2026. This flaw has a CVSS score of 9.3, indicating its severity and potential impact. Researchers from the Sysdig Threat Research Team reported that attackers began exploiting this vulnerability almost immediately, raising alarms about the security of systems using Marimo. This incident underscores the urgency for users and organizations relying on this tool to take immediate action to protect their systems from potential breaches. Quick exploitation of such vulnerabilities demonstrates the need for timely patching and awareness in the cybersecurity community.

Apr 11, 2026