Critical Marimo RCE Vulnerability (CVE-2026-39987) Actively Exploited
A critical pre-authentication remote code execution vulnerability (CVE-2026-39987) in Marimo, a Python notebook for data science, is being actively exploited. The flaw, rated 9.3 on CVSS v4.0, lets an unauthenticated attacker who can reach a vulnerable notebook server obtain an interactive shell over a WebSocket connection. The fix is in Marimo 0.23.0; users should upgrade to that release or later immediately.
Context
CVE-2026-39987 affects Marimo, a widely used Python notebook for data science. Its CVSS v4.0 score of 9.3 places it in the Critical band. The flaw requires no authentication: anyone able to open a WebSocket connection to a vulnerable Marimo server can execute code on the host, which is what makes it so dangerous.
Why it matters
Because the flaw is already being exploited, every reachable Marimo server is a live target rather than a theoretical one. Code execution on the notebook host exposes whatever the notebook process can reach: the datasets it works on, any credentials in its environment, and the systems the host can connect to. Applying the fix promptly is the primary mitigation.
Implications
While exploitation continues, organisations running unpatched Marimo face service disruption and potential loss or disclosure of data, whether they are individual users or larger institutions. The incident is also a reminder that notebook servers deserve the same patch cadence and network controls as any other service exposed to a network.
What to watch
Users of Marimo should upgrade to version 0.23.0 or later as a priority. Until that is done, the exposure worth checking is which Marimo servers accept connections from networks an attacker could be on, since the flaw needs only a WebSocket connection. Watching for further reports of exploitation will help gauge the impact, and security updates and advisories from the developers may provide additional guidance.
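The following script is an added example, not code from the advisory or from the Marimo project. It assumes, as the advisory states, that 0.23.0 is the first fixed release, and it treats any lower version, including pre-releases of 0.23.0, as vulnerable. It reports the installed marimo version via `importlib.metadata` and classifies marimo pins in requirements-style lines; the sample requirements file embedded below is constructed for the demonstration and is not a real project file.

```python
"""Flag marimo installs and requirement pins that predate the fixed release.

Added example for the CVE-2026-39987 advisory; assumes the fix landed in
marimo 0.23.0 and that version strings use a PEP 440 release segment with an
optional a/b/rc pre-release tag. Not code from the marimo project.
"""
import re
from importlib import metadata

FIXED_VERSION = "0.23.0"  # first fixed release, per the advisory

# release segment, optionally followed by a pre-release tag such as rc1
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?$")
# a requirements line that names marimo, with or without extras/specifiers
_REQ_RE = re.compile(
    r"^(?P<name>marimo(?:\[[^\]]*\])?)(?P<rest>\s*(?:[=!<>~].*)?)$", re.IGNORECASE
)
# an exact pin (== or ===) whose version we can decide on
_EXACT_RE = re.compile(r"^\s*===?\s*(?P<ver>[\w.+!*-]+)\s*$")


def parse_version(text):
    """Turn '0.22.5' or '0.23.0rc1' into a tuple that orders like PEP 440.

    Final releases carry a 1 after the release tuple and pre-releases a 0, so
    0.23.0rc1 < 0.23.0 while 0.23.0rc1 > 0.22.9. Post/dev suffixes and
    wildcards are rejected with ValueError rather than guessed at.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    release += (0,) * (3 - len(release))  # pad '0.23' to (0, 23, 0)
    if m.group(2) is None:
        return (release, 1, 0, 0)
    stage = {"a": 0, "b": 1, "rc": 2}[m.group(2)]
    return (release, 0, stage, int(m.group(3)))


def is_vulnerable(version_text):
    """True when the given marimo version is older than FIXED_VERSION."""
    return parse_version(version_text) < parse_version(FIXED_VERSION)


def installed_status():
    """Return (version, vulnerable) for the local install, or (None, None)."""
    try:
        version = metadata.version("marimo")
    except metadata.PackageNotFoundError:
        return None, None
    return version, is_vulnerable(version)


def check_requirements(lines):
    """Classify every marimo line in a requirements file.

    Returns a list of (line, verdict) where verdict is one of
    'vulnerable', 'fixed', 'unknown' (unparseable pin) or 'unpinned'
    (bare name or range: only a lock file tells you what pip resolved).
    """
    results = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        spec = line.split(";", 1)[0].strip()  # drop environment markers
        m = _REQ_RE.match(spec)
        if not m:
            continue  # some other package
        exact = _EXACT_RE.match(m.group("rest"))
        if exact is None:
            verdict = "unpinned"
        else:
            try:
                verdict = "vulnerable" if is_vulnerable(exact.group("ver")) else "fixed"
            except ValueError:
                verdict = "unknown"
        results.append((line, verdict))
    return results


# Constructed sample input; the pinned versions are illustrative only.
SAMPLE_REQUIREMENTS = """\
# constructed sample, not a real project file
numpy==1.26.4
marimo[sql]==0.22.5
MARIMO==0.23.0 ; python_version >= "3.9"
marimo>=0.20
"""

if __name__ == "__main__":
    print("installed:", installed_status())
    for line, verdict in check_requirements(SAMPLE_REQUIREMENTS.splitlines()):
        print(f"{verdict:10s} {line}")
```

Point `check_requirements` at a real `requirements.txt` or a `pip freeze` dump; only exact pins are decided, because a range such as `marimo>=0.20` says nothing about which side of 0.23.0 the resolver actually picked.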