The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.
A new initiative by Matterhorn and the ASI Alliance adds auditing tools and safety checks for vibe coding smart contracts.
Marimo CVE-2026-39987 exploited within 10 hours of disclosure, enabling unauthenticated RCE and credential theft, emphasizing urgent patching needs.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results