CVE-2026-39987 – marimo
CVSS 9.8
CRITICAL
“An actively exploited authentication gap can turn a development platform into an attacker’s entry point.”
marimo-team released a patch for a critical vulnerability affecting marimo. CVE-2026-39987 has a CVSS score of 9.3, which is Critical severity.
The vulnerability involves missing authentication for a critical function that could allow privilege escalation in affected marimo environments. The vulnerability is under active exploitation. The update strengthens authentication controls and reduces the risk of unauthorized access to administrative and privileged functionality.
Key Details
- Affected Product
- Coreweave Marimo
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-306
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.