Apr 10, 2026 • The Hacker News
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
Executive Summary
A critical pre-authenticated remote code execution vulnerability (CVE-2026-39987, CVSS 9.3) in Marimo, an open-source Python notebook for data science, was actively exploited within 10 hours of public disclosure. All versions of Marimo prior to and including the affected version are vulnerable. The vulnerability allows attackers to execute arbitrary code without authentication, posing severe risk to data integrity and system access. Organizations using Marimo should immediately update to the latest patched version. The rapid weaponization highlights the importance of immediate patching for critical vulnerabilities in web-facing applications and continuous monitoring for exploitation attempts.
Summary
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a pre-authenticated remote code execution vulnerability impacting all versions of Marimo prior to and including
Linked Entities
- CVE-2026-39987