Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

2026-04-10

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

A critical RCE vulnerability in Marimo Python notebook was exploited within 10 hours of disclosure, demonstrating rapid weaponization of newly disclosed flaws.

•CVE-2026-39987 (CVSS 9.3) affects Marimo versions prior to 0.23.0, lacking authentication on the /terminal/ws WebSocket endpoint
•Attackers gain full PTY shell access and can execute arbitrary system commands without credentials
•Sysdig observed first exploitation 9 hours 41 minutes after disclosure, with credential theft operations conducted within minutes
•The threat actor manually explored the system, attempted to harvest data from .env files, and searched for SSH keys
•The rapid exploitation highlights that threat actors actively monitor vulnerability disclosures and exploit them quickly, affecting any internet-facing application regardless of popularity

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Privacy-first connections: Empowering social experiences at Airbnb

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud