Critical Marimo Python Notebook Zero-Day Exploited Within 10 Hours of Disclosure — CVE-2026-39987
Summary
A critical pre-authentication remote code execution (RCE) vulnerability in the open-source Marimo Python notebook platform, tracked as CVE-2026-39987 with a CVSS severity score of 9.3, was actively exploited in the wild less than 10 hours after public disclosure. The flaw allows unauthenticated attackers to gain a full interactive shell and execute arbitrary system commands on exposed Marimo instances without any credentials.
Security researchers observed credential theft beginning within minutes on honeypot servers. The vulnerability has been patched in Marimo version 0.23.0, and all users running exposed instances are urged to update immediately.
Source
Reported by CSO Online, CISO Series, and Check Point Research.
Commentary
Ten hours from disclosure to active exploitation is terrifyingly fast, but it’s becoming the norm. Attackers have automated the CVE-to-exploit pipeline to the point where “responsible disclosure” timelines feel almost quaint. If you’re running a Marimo notebook exposed to the internet — even behind basic auth — you were likely already scanned.
This is a broader wake-up call for the data science ecosystem. Jupyter, Marimo, and similar notebook platforms were never designed as internet-facing services, yet they routinely get deployed that way in cloud environments. A pre-auth RCE with a 9.3 CVSS turning into instant credential theft is exactly the scenario that makes enterprise security teams lose sleep. Patch now, audit your exposure, and seriously reconsider whether your notebooks need public IP addresses.