‼️Root in One Request: Pre-Auth RCE in Marimo (CVE-2026-39987) https://t.co/p8rMki9Mwn

Summary

A critical pre-authentication remote code execution vulnerability has been disclosed in Marimo, an open-source Python notebook framework, allowing attackers to execute arbitrary code with root privileges without authentication. The vulnerability is tracked as CVE-2026-39987 and permits full system compromise in a single HTTP request.

Indicators of Compromise

• cve — CVE-2026-39987

Entities