VulnHub

Real-time Cybersecurity News

CVE-2026-39987: Marimo RCE exploited in hours after disclosure

Security Affairs
Actively Exploited
2 Sources
Reporting on this topic
The Hacker NewsSecurity Affairs
CVEVulnerabilityRCECritical

Overview

A serious vulnerability in the open-source Python notebook tool Marimo, identified as CVE-2026-39987, has been exploited within just 10 hours of its disclosure on April 8, 2026. This flaw has a CVSS score of 9.3, indicating its severity and potential impact. Researchers from the Sysdig Threat Research Team reported that attackers began exploiting this vulnerability almost immediately, raising alarms about the security of systems using Marimo. This incident underscores the urgency for users and organizations relying on this tool to take immediate action to protect their systems from potential breaches. Quick exploitation of such vulnerabilities demonstrates the need for timely patching and awareness in the cybersecurity community.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Marimo (open-source Python notebook tool)
  • Action Required: Users should apply patches as soon as they are available.
  • Timeline: Disclosed on April 8, 2026

Original Article Summary

A critical flaw, tracked as CVE-2026-39987, in the open-source Python notebook tool Marimo was exploited within 10 hours of disclosure. A critical flaw in Marimo, tracked as CVE-2026-39987 (CVSS score of 9.3) was exploited just 10 hours after disclosure (On April 8, 2026). Sysdig Threat Research Team observed exploitation of the Marimo flaw within 9 […]

Impact

Marimo (open-source Python notebook tool)

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Disclosed on April 8, 2026

Remediation

Users should apply patches as soon as they are available. It's also advisable to limit access to the Marimo tool and monitor for any unusual activity in systems that use it.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Vulnerability, RCE, and 1 more.

Multiple Sources: This threat is being reported by 2 different security sources, indicating significant concern within the cybersecurity community.

Read Original Article

Related Coverage

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

The Hacker News

A threat actor has been exploiting a vulnerability in Marimo notebooks, specifically CVE-2026-39987, to gain unauthorized access. After taking control of a publicly accessible notebook, the attacker utilized a large language model (LLM) agent to carry out further actions. They extracted cloud credentials from the compromised system, which could potentially lead to additional breaches or data leaks. This incident raises concerns for organizations using Marimo products, as it demonstrates how quickly attackers can adapt and use advanced tools for post-exploitation activities. Companies must remain vigilant and ensure their systems are secured against such vulnerabilities.

May 29, 2026

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

The Hacker News

A serious vulnerability in Marimo, an open-source Python notebook designed for data science, has been exploited within just 10 hours of being made public. The flaw, identified as CVE-2026-39987, allows attackers to execute remote code without needing authentication, affecting all versions of Marimo up to and including the latest release. Researchers from Sysdig reported this rapid exploitation, underscoring the urgency for users to address this security gap. Organizations using Marimo need to prioritize patching their installations to avoid potential breaches, as the high CVSS score of 9.3 indicates a significant risk. The swift exploitation of this vulnerability serves as a reminder of the importance of timely updates and security practices in software development.

Apr 10, 2026