CVE-2026-39987 - Marimo Remote Code Execution Vulnerability
Project:Marimo
Product:Marimo
Date Added:2026-04-23Due Date:2026-05-07
Vulnerability Name
Marimo Remote Code Execution Vulnerability
Description
Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc
https://nvd.nist.gov/vuln/detail/CVE-2026-39987
Related News Articles
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 ExploitMay 29, 2026