CVE-2026-39987: Marimo Remote Code Execution Vulnerability

Summary

A critical pre-authentication remote code execution (RCE) vulnerability, identified as CVE-2026-39987, has been discovered in Marimo. This flaw allows unauthenticated attackers to gain shell access and execute arbitrary system commands.

IFF Assessment

FOE

This vulnerability allows unauthenticated attackers to execute arbitrary code, posing a significant threat to systems.

Severity

9.8 Critical (AI Estimated)

The CVSS score is estimated to be 9.8 (Critical) because the attack requires no authentication, allows execution of arbitrary code, and has a high impact on system confidentiality, integrity, and availability. The attack vector is network-based and requires no user interaction.

CISA KEV: Listed as actively exploited. Federal patch due: May 07, 2026. Known ransomware use: Unknown.

Defender Context

This critical RCE vulnerability in Marimo requires immediate attention for defenders, especially those managing cloud services subject to BOD 22-01. Organizations must apply vendor-provided mitigations or consider discontinuing use if fixes are unavailable to prevent potential compromise.