Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
What’s new: Attackers have exploited the Marimo network vulnerability CVE-2026-39987 to gain initial access and subsequently used a large language model (LLM) agent for post-exploitation activities. The vulnerability allows unauthenticated remote code execution and affects all versions of Marimo up to and including 0.20.4. The attack involved extracting cloud credentials, retrieving an SSH private key from AWS Secrets Manager, and exfiltrating data from an internal PostgreSQL database in under two minutes.
Who’s affected
Organizations using Marimo versions prior to 0.23.0 are at risk, particularly those with publicly accessible instances. The vulnerability has been actively exploited, leading to potential data breaches.
What to do
- Update to Marimo version 0.23.0 or later to mitigate the vulnerability.
- Audit environments for publicly accessible instances of Marimo.
- Rotate credentials, API keys, and SSH keys to enhance security.
