The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.
Abstract: Based on Node.js service,this study combines WebSocket and WebRTC technologies to build an online collaboration platform that supports real-time collaboration and multi-terminal ...
Marimo CVE-2026-39987 exploited within 10 hours of disclosure, enabling unauthenticated RCE and credential theft, emphasizing urgent patching needs.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results