CVE-2026-39987: Marimo RCE Flaw Exploited Within Hours
·1623 words·8 mins
A missing authentication check in Marimo’s terminal WebSocket endpoint handed attackers root shells on AI notebooks across cloud platforms. Exploitation began less than 10 hours after disclosure, with credential theft completed in under 3 minutes per target.