Exposures › CVE-2026-39987
Marimo's Marimo product allows unauthenticated attackers to execute arbitrary system commands via CVE-2026-39987.
This pre-authentication RCE vulnerability enables attackers to gain shell access and execute arbitrary commands without authentication, posing a severe risk to DIB organizations relying on Marimo for security-critical infrastructure. Immediate patching and network segmentation are required to prevent unauthorized access and potential data exfiltration.
Shame score — A pre-authentication RCE vulnerability allows unauthenticated attackers to execute arbitrary system commands, representing a critical security failure that could lead to significant data breaches and compliance violations.
Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands.
No correlated FedRAMP products.