A critical remote code execution flaw in Marimo, a popular open-source Python notebook, was exploited within hours of its public disclosure. The vulnerability, tracked as CVE-2026-39987, carries a CVSS score of 9.3 and affects all Marimo versions prior to the latest patch. It is exploitable before authentication and allows attackers to execute arbitrary code, posing a significant threat to data science and analysis environments. Sysdig reported that exploitation occurred within 10 hours of disclosure, highlighting how quickly malicious actors act on newly announced vulnerabilities [1]. The rapid exploitation of CVE-2026-39987 underscores the importance of prompt patching and the need for organizations to prioritize vulnerability management based on their specific exposure and evidence of exploitation. For security practitioners, the incident demonstrates the urgent need to address critical vulnerabilities in widely used open-source tools.