Critical Flaw in Marimo Python Notebook Exploited Within 10 Hours of Disclosure
A critical vulnerability in Marimo, an open-source Python notebook platform, was exploited less than 10 hours after its public disclosure. The flaw, tracked as CVE-2026-39987, allows unauthenticated remote code execution and affects all versions before 0.23.0. The Sysdig Threat Research Team reported that an attacker could gain complete control of the host by sending a single connection request to a specific endpoint on an exposed Marimo server. The vulnerability was exploited in the wild, with attackers stealing credentials in under three minutes. The speed of exploitation fits a broader trend of rapid weaponization of vulnerabilities in AI and open-source tooling.