CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.

Critical Marimo pre-auth RCE flaw now under active exploitation

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...
The Hacker News

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

Marimo CVE-2026-39987 exploited within 10 hours of disclosure, enabling unauthenticated RCE and credential theft, emphasizing urgent patching needs.
GitHub

THIRD_PARTY_NOTICES.md

Flask 3.1.2 BSD-3-Clause https://github.com/pallets/flask/ Jinja2 3.1.6 BSD License https://github.com/pallets/jinja/ MarkupSafe 3.0.3 BSD-3-Clause https://github.com ...