据Sysdig威胁研究团队披露，AI云计算公司CoreWeave旗下开源Python笔记本平台Marimo存在一个严重的预认证远程代码执行漏洞，该漏洞在公开披露后不到10小时便遭到了实际攻击。 该漏洞编号为CVE-2026-39987，严重性评分为9 ...

Sysdig在多个云服务提供商上部署了运行存在漏洞的Marimo实例的蜜罐服务器，并在漏洞披露后9小时41分钟内观察到了首次攻击尝试。攻击者仅凭安全公告的描述便自行构建了利用代码，分四个阶段展开行动：确认漏洞可利用、手动浏览服务器文件系统、定位并读取包含AWS访问密钥及其他应用凭据的环境文件。整个操作耗时不到三分钟。

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware ...

Marimo is an integrated development environment for Python that combines code, results, visualizations, and documentation.