securityaffairs.com 4/11/2026, 10:21:31 AM · via preferred

CVE-2026-39987: Marimo RCE exploited in hours after disclosure

CVE-2026-39987, a pre-auth remote code execution flaw in the open-source Python notebook tool Marimo, was exploited within hours of its disclosure, with exploitation observed on 8 April 2026. The Sysdig Threat Research Team noted that exploitation occurred within 9 hours and 41 minutes of the advisory’s publication, and credential theft was completed in under three minutes, all despite no public PoC code at the time.

Marimo is used for data science, analysis and interactive coding, and versions up to 0.20.4 are affected, with 0.23.0 addressing the issue. The vulnerability allows unauthenticated access via the terminal WebSocket endpoint /terminal/ws, which lacks authentication validation, enabling an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands, according to the advisory.
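The two facts a defender can act on from the paragraph above are the version boundaries (up to 0.20.4 affected, 0.23.0 fixed) and the endpoint path (/terminal/ws, which performs no authentication check). The following is an added triage helper, not code from the article, Sysdig or the Marimo project: it classifies a marimo version string against those boundaries and scans access-log lines for WebSocket upgrades to /terminal/ws from non-loopback clients. The log line format is an assumption (a constructed, simplified combined-log style with the Upgrade header appended); adjust the regex to whatever your reverse proxy emits. Versions between 0.20.4 and 0.23.0 are reported as "unstated" because the article gives no verdict for them.

```python
"""Added example (not from the article or the Marimo project): a defender-side
triage helper for CVE-2026-39987 built only on what the article states.

  1. version_status(): marimo <= 0.20.4 is affected, >= 0.23.0 is fixed,
     anything in between is "unstated" (the article does not say).
  2. flag_terminal_ws(): flag WebSocket upgrade requests to /terminal/ws that
     did not originate from loopback. Because the endpoint performs no auth
     validation, every such request deserves review regardless of what
     credentials the client presented, and a 101 means the upgrade completed.
"""
import ipaddress
import re
from typing import Iterable, List, Tuple

AFFECTED_MAX = (0, 20, 4)   # "versions up to 0.20.4 are affected"
FIXED_IN = (0, 23, 0)       # "0.23.0 addressing the issue"


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '0.20.4' into (0, 20, 4); any pre-release suffix is ignored."""
    core = re.match(r"\d+(?:\.\d+)*", v.strip())
    if not core:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in core.group(0).split("."))


def version_status(v: str) -> str:
    """Return 'affected', 'fixed' or 'unstated' for a marimo version string."""
    parsed = parse_version(v)
    if parsed <= AFFECTED_MAX:
        return "affected"
    if parsed >= FIXED_IN:
        return "fixed"
    return "unstated"   # 0.20.5 .. 0.22.x: the article gives no verdict


# Constructed sample log lines. Assumed format (NOT a real marimo or proxy log):
#   <client ip> <method> <path> <status> <value of the Upgrade request header, or ->
SAMPLE_LOG = """\
127.0.0.1 GET /terminal/ws 101 websocket
203.0.113.7 GET /terminal/ws 101 websocket
203.0.113.7 GET /api/kernel/run 200 -
198.51.100.9 GET /terminal/ws?x=1 403 websocket
10.0.0.5 GET /terminal/ws 200 -
"""

LOG_RE = re.compile(
    r"^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) (?P<upgrade>\S+)$"
)


def flag_terminal_ws(lines: Iterable[str]) -> List[dict]:
    """Return one record per non-loopback WebSocket upgrade aimed at /terminal/ws.

    'completed' is True when the server answered 101 (the PTY session was
    actually established); a 4xx still records an attempt worth correlating.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                                   # unparseable: skip
        if m["path"].split("?", 1)[0] != "/terminal/ws":
            continue                                   # some other route
        if m["upgrade"].lower() != "websocket":
            continue                                   # plain HTTP, not an upgrade
        if ipaddress.ip_address(m["ip"]).is_loopback:
            continue                                   # local notebook use
        hits.append({
            "ip": m["ip"],
            "status": int(m["status"]),
            "completed": m["status"] == "101",
        })
    return hits


if __name__ == "__main__":
    for v in ("0.20.4", "0.21.0", "0.23.0"):
        print(f"marimo {v}: {version_status(v)}")
    for hit in flag_terminal_ws(SAMPLE_LOG.splitlines()):
        print("review:", hit)
```

Run on the constructed sample, the scan reports two records: one completed session from 203.0.113.7 and one rejected attempt from 198.51.100.9; the loopback line and the non-upgrade request to the same path are ignored. In a real deployment the useful follow-up is to correlate a completed upgrade with process creation under the marimo server's account, since the article describes a full PTY shell behind this endpoint.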

According to Sysdig, attackers built the exploit directly from that advisory, illustrating how quickly threat actors can weaponise niche software and suggesting AI-assisted tooling may accelerate such attacks. The report also highlights rapid post‑exploitation activity, including credential theft, after initial access.
