marimo-team News Articles
Recent news articles referencing the vendor's vulnerabilities.
Attackers Weaponize CVE-2026-39987 to Spread Blockchain-Based Backdoor Via Hugging Face - IT Security News
A critical vulnerability in the marimo Python notebook platform is now being actively used by attackers to deploy a blockchain-powered backdoor on developer systems. The flaw, tracked as CVE-2026-39987, allows remote code execution without authentication, making it a dangerous entry…
2 weeks ago
Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face - IT Security News
Attackers are rapidly exploiting CVE-2026-39987 in the marimo Python notebook platform to deploy a new NKAbuse backdoor variant hosted on Hugging Face Spaces, turning AI/ML developer environments into high‑value infection points. The campaign combines pre-auth RCE, credential theft, lateral movement...
2 weeks ago
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces.
2 weeks ago
Marimo RCE Vulnerability Exploited Within 10 Hours of Public Disclosure - IT Security News
A critical remote code execution (RCE) vulnerability in the open-source Python notebook platform Marimo was actively exploited less than 10 hours after its public disclosure. The flaw, initially tracked as GHSA-2679-6mx9-h9xc and later assigned CVE-2026-39987, carries a critical CVSS score…
2 weeks ago
Critical Marimo pre-auth RCE flaw now under active exploitation
A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged for credential theft.
3 weeks ago
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
Marimo CVE-2026-39987 exploited within 10 hours of disclosure, enabling unauthenticated RCE and credential theft, emphasizing urgent patching needs.
3 weeks ago
Critical Marimo Flaw Exploited Hours After Public Disclosure
A threat actor started exploiting CVE-2026-39987, an unauthenticated RCE vulnerability in Marimo, nine hours after public disclosure.
3 weeks ago