
Marimo contains a pre-authorization remote code execution vulnerability, allowing an unauthenticated attacker to gain shell access and execute arbitrary system comm…

Published:

23 April 2026 at 00:00:00

Alert date:

23 April 2026 at 18:00:49

Source:

cisa.gov

Web Technologies

CVE-2026-39987 is a critical pre-authorization remote code execution vulnerability in Marimo that allows unauthenticated attackers to gain shell access and execute arbitrary system commands. This vulnerability poses a high security risk as it requires no authentication and can lead to complete system compromise. The vulnerability has been documented by CISA and tracked on GitHub security advisories. Given the nature of remote code execution without authentication requirements, this represents a severe security flaw that could be easily exploited by malicious actors. Organizations using Marimo should prioritize patching this vulnerability immediately.

Technical details

Mitigation steps:

Affected products:

Marimo

Related links:

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information originating from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
