据Sysdig威胁研究团队披露，AI云计算公司CoreWeave旗下开源Python笔记本平台Marimo存在一个严重的预认证远程代码执行漏洞，该漏洞在公开披露后不到10小时便遭到了实际攻击。 该漏洞编号为CVE-2026-39987，严重性评分为9.3分（满分10分），影响0.23.0版本之前的所有Marimo ...

A critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours ...

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says. A critical pre-authentication ...