🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-39987: Marimo Remote Code Execution Vulnerability
Summary
Marimo has a pre-authorization remote code execution vulnerability (RCE, where an attacker can run commands on a system they don't own) that allows unauthenticated attackers to gain shell access and execute arbitrary commands without needing to log in first. This vulnerability is actively being exploited in real-world attacks.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Details
EPSS: 7.0%
Yes
🔥 Actively Exploited
April 22, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-39987
First tracked: April 23, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 85%