Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

Summary

A critical remote code execution vulnerability (CVE-2026-39987) in Marimo, the open-source Python notebook, was actively exploited by attackers within 10 hours of its public disclosure. The flaw allows code execution without prior authentication and affects all Marimo versions released before the fix.

IFF Assessment

FOE

The rapid exploitation of a critical RCE vulnerability demonstrates a significant immediate threat to systems using the affected software, highlighting the speed at which attackers can leverage newly disclosed flaws.

Severity

9.3 Critical

The CVSS score of 9.3 places the flaw in the critical range, most likely reflecting a network attack vector, high impact on confidentiality, integrity, and availability, and the ease of exploiting pre-authentication remote code execution.

Defender Context

This incident underscores the critical importance of rapid patching and vulnerability management for open-source software. Defenders should prioritize identifying Marimo deployments within their environments and applying available updates immediately to mitigate the risk of exploitation.
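The first step the Defender Context calls for is finding Marimo installs and flagging those below the fixed release. The script below is an added example, not part of this story or of the Marimo project: it parses the JSON that `pip list --format=json` emits (collected from each host however your inventory tooling does it), reports which hosts still run a version older than the fixed one, and checks the interpreter it runs in. The page does not name the fixed release, so `FIXED_VERSION` is a placeholder to replace with the version from the Marimo advisory; the hostnames and package lists are constructed sample data.

```python
import json
import re
from importlib import metadata


def parse_version(text):
    """Turn '0.11.2' or '0.11.2rc1' into a comparable tuple of ints.
    A pre-release suffix is dropped, so '0.11.2rc1' sorts with 0.11.2;
    missing components are padded with zeros so (0, 11) == (0, 11, 0)."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(installed, fixed):
    """True when the installed version predates the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def find_marimo(pip_list_json):
    """Return the marimo version from `pip list --format=json` output,
    or None if marimo is not present in that environment."""
    for pkg in json.loads(pip_list_json):
        if pkg.get("name", "").lower() == "marimo":
            return pkg.get("version")
    return None


def triage(inventory, fixed):
    """inventory maps host -> pip-list JSON. Returns host -> status, where
    status is 'not installed', 'patched' or 'VULNERABLE <version>'."""
    report = {}
    for host, pip_json in inventory.items():
        ver = find_marimo(pip_json)
        if ver is None:
            report[host] = "not installed"
        elif is_vulnerable(ver, fixed):
            report[host] = f"VULNERABLE {ver}"
        else:
            report[host] = "patched"
    return report


def local_marimo_version():
    """Version of marimo installed in the interpreter running this script,
    or None when it is not installed here."""
    try:
        return metadata.version("marimo")
    except metadata.PackageNotFoundError:
        return None


# PLACEHOLDER: the story does not name the fixed release; substitute the
# version given in the Marimo advisory before running this for real.
FIXED_VERSION = "0.99.0"

# Constructed sample inventory; the hosts and package sets are not real.
SAMPLE_INVENTORY = {
    "nb-dev-01": json.dumps([{"name": "marimo", "version": "0.12.3"},
                             {"name": "numpy", "version": "2.2.0"}]),
    "nb-dev-02": json.dumps([{"name": "Marimo", "version": "0.99.0"}]),
    "api-gw-01": json.dumps([{"name": "flask", "version": "3.1.0"}]),
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY, FIXED_VERSION).items():
        print(f"{host}: {status}")
    print("this interpreter:", local_marimo_version())
```

Only hosts that report a Marimo version below the placeholder are flagged; an environment with no Marimo package is reported separately so it is not mistaken for a patched one. Per-host package lists are gathered by whatever agent or SSH job you already use, one `pip list --format=json` run per Python environment, since a host may carry several virtualenvs.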
