Marimo
Coverage of Marimo in the Nexus archive.
- Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
An unknown threat actor used an LLM agent for post-compromise actions after exploiting a publicly-accessible Marimo network via CVE-2026-39987, extracting cloud credentials from the compromised system.
- Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
Hackers are exploiting a critical vulnerability in the Marimo reactive Python notebook to deploy a new variant of NKAbuse malware, which is hosted on Hugging Face Spaces. This security flaw allows malicious actors to distribute malware through a popular machine learning platform.
- Critical Marimo pre-auth RCE flaw now under active exploitation
A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is being actively exploited for credential theft. The flaw allows attackers to execute arbitrary code without prior authentication, posing significant security risks.
- Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
A critical remote code execution vulnerability (CVE-2026-39987) in Marimo, a Python data science notebook, was exploited within 10 hours of disclosure. The flaw affects all versions up to a specific release and was identified by Sysdig with a CVSS score of 9.3.