
Critical RCE Vulnerability in Marimo Exploited Within Hours of Disclosure
Breaking News, Hacking, Security, CVE-2026-39987, hacking news, information security news, IT Information Security, Marimo, Pierluigi Paganini, Security Affairs, Security News
📌 A critical remote code execution (RCE) vulnerability in the open-source Python notebook tool Marimo, tracked as CVE-2026-39987 with a CVSS score of 9.3, was exploited within 10 hours of its disclosure on April 8, 2026. The Sysdig Threat Research Team observed active exploitation of the flaw shortly after public exposure. No specific targets or attack vectors were detailed beyond the rapid exploitation timeline. The vulnerability affects Marimo, a tool used for interactive Python notebooks, though the exact technical mechanism of the flaw was not described. The incident highlights the speed at which threat actors capitalize on newly disclosed critical vulnerabilities.