据Sysdig威胁研究团队披露，AI云计算公司CoreWeave旗下开源Python笔记本平台Marimo存在一个严重的预认证远程代码执行漏洞，该漏洞在公开披露后不到10小时便遭到了实际攻击。 该漏洞编号为CVE-2026-39987，严重性评分为9.3分（满分10分），影响0.23.0版本之前的所有Marimo ...

A critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours ...

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says. A critical pre-authentication ...

As indicated by a warning message, the authentication in the context of the WebSocket endpoint /terminal/ws is broken, and attackers can exploit the “critical” vulnerability (CVE-2026-39987) without ...

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. Attacks leveraging the remote code ...

Hackers started exploiting a critical vulnerability in the Marimo open-source reactive Python notebook platform just 10 hours after its public disclosure. The flaw allows remote code execution without ...