A critical pre-authentication remote code execution vulnerability in Marimo, a Python notebook platform, was exploited in under 10 hours after its public disclosure. The flaw, tracked as CVE-2026-39987 with a severity score of 9.3, affects all Marimo versions prior to 0.23.0 and can be triggered by a single connection request to a specific endpoint, requiring no login or stolen credentials. Because no complex setup is needed, the flaw is an attractive target for attackers, and the speed of the first observed exploitation underlines the importance of prompt patching and mitigation. The public disclosure has expanded the active attack surface, so organisations should prioritise remediation based on their own exposure and on any evidence of exploitation [1]. The incident is a reminder for practitioners to stay vigilant and act immediately on critical vulnerabilities of this kind.
Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure
⚠️ Critical Alert
Why This Matters
CVE-2026-39987 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
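The only remediation detail the article gives is the version boundary: every Marimo release prior to 0.23.0 is affected. The following script is an added example (not code from CSO Online or the Marimo project) that turns that boundary into a fleet triage check: it parses reported Marimo version strings, treats pre-releases of 0.23.0 (for example 0.23.0rc1) as still prior to the fix, and separates hosts that must be patched first from hosts whose version could not be determined. The inventory lines, hostnames and version values are constructed for illustration; the format "host,version" is an assumption about how you export your inventory.

```python
import re
from typing import List, Optional, Tuple

# Patched release per the advisory summary: all Marimo versions prior to 0.23.0 are affected.
FIXED_VERSION = (0, 23, 0)

# MAJOR.MINOR[.PATCH] followed by an optional suffix such as rc1, a1, .dev0 or .post1
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(.*?)\s*$")


def parse_version(text: str) -> Optional[Tuple[Tuple[int, int, int], bool]]:
    """Parse a version string into ((major, minor, patch), is_prerelease).

    A trailing suffix (rc1, a1, b2, .dev0) marks a pre-release, which sorts
    before the final release carrying the same base number. A .post suffix
    is a post-release and sorts after it. Returns None if the string is not
    a recognisable version.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    base = (int(major), int(minor), int(patch or 0))
    prerelease = bool(suffix) and not suffix.lstrip(".").startswith("post")
    return base, prerelease


def is_affected(version_text: str) -> Optional[bool]:
    """True if the version is prior to 0.23.0 (affected), False if fixed, None if unparseable."""
    parsed = parse_version(version_text)
    if parsed is None:
        return None
    base, prerelease = parsed
    if base < FIXED_VERSION:
        return True
    if base == FIXED_VERSION and prerelease:
        # 0.23.0rc1, 0.23.0.dev0 and similar precede the 0.23.0 release,
        # so they are still "prior to 0.23.0" and must be treated as affected.
        return True
    return False


def triage_inventory(lines: List[str]) -> Tuple[List[str], List[str]]:
    """Given 'host,version' lines, return (affected_hosts, unknown_hosts).

    Blank lines and lines starting with '#' are ignored. Hosts whose version
    cannot be parsed go to the unknown list so they get a manual check rather
    than silently being treated as safe.
    """
    affected, unknown = [], []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        verdict = is_affected(version)
        if verdict is None:
            unknown.append(host.strip())
        elif verdict:
            affected.append(host.strip())
    return affected, unknown


# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = """\
# host,marimo_version
nb-dev-01,0.22.5
nb-dev-02,0.23.0
nb-dev-03,0.23.0rc1
nb-research-07,0.9.14
nb-ci-runner,0.24.1
nb-legacy,unknown
"""

if __name__ == "__main__":
    to_patch, to_check = triage_inventory(SAMPLE_INVENTORY.splitlines())
    print("Patch first:", to_patch)
    print("Needs manual check:", to_check)
```

The pre-release handling matters because a naive string or tuple comparison would read 0.23.0rc1 as equal to 0.23.0 and miss a host that is still exposed; unknown versions are reported rather than dropped for the same reason.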
References
- CSO Online. (2026, April 13). Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure. *CSO Online*. https://www.csoonline.com/article/4157810/critical-flaw-in-marimo-python-notebook-exploited-within-10-hours-of-disclosure.html
Original Source
CSO Online