Known exploited
Marimo
CVE published 2026-04-23
CVE-2026-39987
CVE-2026-39987 is a Marimo remote code execution vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2026-04-23. Because it is listed in KEV, defenders should treat it as actively exploited and prioritize remediation immediately. CISA’s required-action guidance is to apply vendor mitigations, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the pro [truncated]