CVE-2026-39987 · CRITICAL 9.8 · CISA KEV · EPSS p99.9%

CVE-2026-39987: Marimo Remote Code Execution Vulnerability

Vendor / Product: Marimo / Marimo

Description

Marimo contains a pre-authorization remote code execution vulnerability, allowing an unauthenticated attacker to obtain shell access and execute arbitrary system commands.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 95.64% probability of exploitation · percentile 99.9% · scored 2026-06-17T12:03:21Z
Published: 2026-04-09
Last modified: 2026-04-23

CISA KEV entry

Added to KEV: 2026-04-23

Underlying weaknesses · 1

CWE-306 (Missing Authentication for Critical Function)

References

  1. https://github.com/marimo-team/marimo/commit/c24d4806398f30be6b12acd6c60d1d7c68cfd12a
  2. https://github.com/marimo-team/marimo/pull/9098
  3. https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc
  4. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-39987
  5. https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hours

Graph links · 1

Type | Target | Confidence | Tier
Weakness | Missing Authentication for Critical Function (cwe-306) | 0% | live

Graph links (incoming) · 1

Type | Target | Confidence | Tier
KEVEntry | Marimo Remote Code Execution Vulnerability (kev-cve-2026-39987) | 0% | live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-29902
  2. CVE-2026-32968
  3. CVE-2026-22907
  4. CVE-2025-6542
  5. CVE-2026-3999
  6. CVE-2025-30023

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.