Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
Summary
Hackers are exploiting a critical vulnerability in Marimo (a Python notebook tool), tracked as CVE-2026-39987, a remote code execution flaw that lets an attacker run commands on the affected system, to deploy NKAbuse malware hosted on Hugging Face Spaces (a platform for sharing AI applications). The attacks began within 10 hours of technical details becoming public, with attackers using fake application names to trick users into downloading malware that steals credentials and allows remote control of infected systems.
Solution / Mitigation
Users should upgrade to Marimo version 0.23.0 or later immediately. If upgrading is not possible, restrict external access to the '/terminal/ws' endpoint with a firewall, or block the endpoint entirely.
Classification
Affected Vendors
Related Issues
Original source: https://www.bleepingcomputer.com/news/security/hackers-exploit-marimo-flaw-to-deploy-nkabuse-malware-from-hugging-face/
First tracked: April 16, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%