PULSE NAME
Marimo Vulnerability Allows Remote Code Execution
WHITE CODERED_VTA 2026-04-12 Modified: 2026-04-12
4 IOCs
LOW VOLUME
A critical vulnerability has been discovered in the Marimo open-source Python notebook tool, which is used for data science, analysis, and interactive coding. The bug, tracked as CVE-2026-39987, has a CVSS score of 9.3 and affects versions up to 0.20.4. This vulnerability allows pre-authenticated remote code execution, enabling an attacker to obtain a full PTY shell and execute arbitrary system commands. The Marimo tool has approximately 20,000 GitHub stars, making it a relatively niche tool. Ho...
Indicators of Compromise (4)
TYPE      INDICATOR              DESCRIPTION  CREATED
CVE       CVE-2026-39987                      2026-04-12
CVE       CVE-2026-33017                      2026-04-12
domain    githubcopilot.com                   2026-04-12
hostname  api.githubcopilot.com               2026-04-12