AI Toolchain

Vulnerabilities 2026-04-12
Marimo CVE-2026-39987: Pre-Auth RCE Exploited Within 10 Hours of Disclosure
A missing authentication check on Marimo's terminal WebSocket endpoint (CVE-2026-39987, CVSS 9.3) gave attackers a root shell with no credentials required — and they were actively exploiting it less than 10 hours after the advisory dropped.
CVE RCE python AI toolchain websocket credential theft active exploitation

Marimo CVE-2026-39987: Pre-Auth RCE Exploited Within 10 Hours of Disclosure