CVE-2026-39987 – Marimo
CVSS 9.8
CRITICAL
“A critical flaw in a developer tool can turn convenience into compromise.”
Marimo addressed CVE-2026-39987, a critical vulnerability that allows remote code execution within its platform. The issue stems from improper handling of user input or execution flows, enabling attackers to run arbitrary code and potentially gain full control of the host system and connected environments.
CVE-2026-39987 has a CVSS score of 9.3, which is Critical severity. There is no verified evidence of active exploitation or publicly available proof-of-concept code. The patch secures execution pathways and strengthens input validation to prevent unauthorized code execution.
Key Details
- Affected Product
- Coreweave Marimo
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-306
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.