CISA Adds One Known Exploited Vulnerability to Catalog

Summary

CISA has added CVE-2026-39987, a Marimo Remote Code Execution Vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog due to active exploitation. This addition mandates remediation for federal agencies and is strongly recommended for all organizations as a proactive security measure.

IFF Assessment

FOE

The addition of an actively exploited vulnerability to CISA's KEV catalog indicates a new, confirmed threat that defenders must prioritize addressing.

Severity

9.0 Critical (AI Estimated)

A remote code execution vulnerability actively exploited by malicious actors generally carries a high CVSS score due to the significant impact of unauthorized code execution on targeted systems, coupled with strong exploitability factors.

CISA KEV: Listed as actively exploited. Federal patch due: May 07, 2026. Known ransomware use: Unknown.

Defender Context

This alert highlights the importance of continuously monitoring for newly added vulnerabilities in the KEV catalog, as these are known to be actively exploited. Defenders should prioritize patching or mitigating CVE-2026-39987 and similar vulnerabilities to prevent successful attacks.
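One way to do that monitoring, as an added example that is not part of the original alert: compare two saved snapshots of the KEV JSON feed, list the newly added entries, and rank them by the federal due date and by whether the product appears in a local asset list. The snapshots are constructed (only the CVE-2026-39987 values come from this alert; the product value is taken from the vulnerability name), and the inventory and "today" date are hypothetical.

```python
import json
from datetime import date

# Constructed snapshots in the layout of CISA's KEV JSON feed. Only the
# CVE-2026-39987 values come from the alert; the other entry is a placeholder.
PREVIOUS = json.loads("""{"vulnerabilities": [
  {"cveID": "CVE-0000-00001", "product": "ExampleProduct",
   "dueDate": "2026-01-15", "knownRansomwareCampaignUse": "Unknown"}]}""")
CURRENT = json.loads("""{"vulnerabilities": [
  {"cveID": "CVE-0000-00001", "product": "ExampleProduct",
   "dueDate": "2026-01-15", "knownRansomwareCampaignUse": "Unknown"},
  {"cveID": "CVE-2026-39987", "product": "Marimo",
   "vulnerabilityName": "Marimo Remote Code Execution Vulnerability",
   "dueDate": "2026-05-07", "knownRansomwareCampaignUse": "Unknown"}]}""")

def new_entries(previous, current):
    """Return catalog entries present in `current` but not in `previous`."""
    seen = {v["cveID"] for v in previous.get("vulnerabilities", [])}
    return [v for v in current.get("vulnerabilities", []) if v["cveID"] not in seen]

def triage(entries, inventory, today):
    """Annotate entries with days left and inventory match, most urgent first."""
    deployed = {name.lower() for name in inventory}
    rows = []
    for v in entries:
        try:
            days_left = (date.fromisoformat(v["dueDate"]) - today).days
        except (KeyError, ValueError):
            days_left = None  # missing or malformed due date: treat as urgent
        rows.append({
            "cve": v["cveID"],
            "product": v.get("product", ""),
            "days_left": days_left,
            "overdue": days_left is not None and days_left < 0,
            "in_inventory": v.get("product", "").lower() in deployed,
        })
    # Affected products first, then unknown due dates, then nearest deadline.
    return sorted(rows, key=lambda r: (not r["in_inventory"],
                                       r["days_left"] is not None,
                                       r["days_left"] or 0))

if __name__ == "__main__":
    inventory = ["marimo", "nginx"]  # hypothetical asset list
    for row in triage(new_entries(PREVIOUS, CURRENT), inventory, date(2026, 4, 20)):
        print(row)
```

In practice the two snapshots would be consecutive downloads of the catalog, and the inventory would come from a software bill of materials or asset database.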
