Marimo 2026: Exploitation of CVE-2026-39987 to Deploy NKAbuse Malware via Hugging Face
Executive Summary
In April 2026, attackers exploited a critical vulnerability (CVE-2026-39987) in Marimo, a reactive Python notebook platform, to deploy a new variant of NKAbuse malware. The flaw allowed unauthenticated remote code execution via the /terminal/ws WebSocket endpoint, enabling attackers to gain full shell access and execute arbitrary commands. Within 10 hours of the vulnerability's disclosure, threat actors began exploiting it to deploy malware hosted on Hugging Face Spaces, a platform for sharing AI applications. The attackers created a typosquatted Space named 'vsccode-modetx' to host a dropper script and a malicious binary named 'kagent,' which mimicked legitimate tools to evade detection. The payload, a variant of the NKAbuse malware, utilized the NKN blockchain for command and control communications, allowing remote execution of shell commands on infected systems. This incident underscores the rapid weaponization of newly disclosed vulnerabilities and the increasing targeting of AI and machine learning development environments by sophisticated threat actors. Organizations using Marimo are urged to upgrade to version 0.23.0 or later immediately to mitigate this critical security risk.
Why This Matters Now
The rapid exploitation of CVE-2026-39987 highlights the urgency for organizations to promptly apply security patches and monitor for unusual activities, especially in AI and machine learning environments that are becoming prime targets for sophisticated attacks.
Attack Path Analysis
Attackers exploited the Marimo RCE vulnerability (CVE-2026-39987) to gain unauthorized access, escalated privileges by deploying NKAbuse malware, moved laterally to extract database credentials, established command and control via the NKN network, exfiltrated sensitive data, and potentially disrupted services.
Kill Chain Progression
Initial Compromise
Description
Attackers exploited the Marimo RCE vulnerability (CVE-2026-39987) to gain unauthorized access to the system.
Related CVEs
CVE-2026-39987
CVSS 9.3A pre-authentication remote code execution vulnerability in Marimo's terminal WebSocket endpoint allows unauthenticated attackers to execute arbitrary system commands.
Affected Products:
Marimo-team Marimo – < 0.23.0
Exploit Status:
exploited in the wild
MITRE ATT&CK® Techniques
Exploit Public-Facing Application
Command and Scripting Interpreter: Unix Shell
Valid Accounts
OS Credential Dumping
Ingress Tool Transfer
Application Layer Protocol: Web Protocols
Phishing: Spearphishing Attachment
Hijack Execution Flow: DLL Side-Loading
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure all system components are protected from known vulnerabilities
Control ID: 6.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Identity
Control ID: Pillar 1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Critical exposure through Marimo Python notebook exploitation enabling Remote Access Trojan deployment, threatening development environments and source code integrity.
Information Technology/IT
High risk from NKAbuse malware leveraging blockchain communications for command and control, bypassing traditional security controls in IT infrastructure.
Financial Services
Significant threat from credential theft and lateral movement capabilities targeting databases and Redis servers containing sensitive financial data and session tokens.
Health Care / Life Sciences
Critical compliance risk under HIPAA regulations due to data exfiltration capabilities and inadequate encrypted traffic protection for patient data systems.
Sources
- Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Facehttps://www.bleepingcomputer.com/news/security/hackers-exploit-marimo-flaw-to-deploy-nkabuse-malware-from-hugging-face/Verified
- Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosurehttps://thehackernews.com/2026/04/marimo-rce-flaw-cve-2026-39987.htmlVerified
- Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypasshttps://advisories.gitlab.com/pkg/pypi/marimo/CVE-2026-39987/Verified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have limited the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and identity-aware policies.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's initial access may have been constrained by identity-aware policies, reducing unauthorized entry points.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges may have been limited by enforcing least-privilege access controls.
Control: East-West Traffic Security
Mitigation: The attacker's lateral movement may have been constrained by monitoring and controlling east-west traffic.
Control: Multicloud Visibility & Control
Mitigation: The attacker's command and control communications may have been detected and disrupted by comprehensive visibility across cloud environments.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's data exfiltration efforts may have been limited by enforcing strict egress policies.
The overall impact of the attack may have been reduced by limiting unauthorized access and data exfiltration.
Impact at a Glance
Affected Business Functions
- Data Analysis
- Machine Learning Operations
- Research and Development
Estimated downtime: 3 days
Estimated loss: $50,000
Potential exposure of sensitive research data and intellectual property.
Recommended Actions
Key Takeaways & Next Steps
- • Implement inline Intrusion Prevention Systems (IPS) to detect and block exploitation attempts of known vulnerabilities like CVE-2026-39987.
- • Enforce Zero Trust Segmentation to limit lateral movement by restricting access between workloads based on identity and policy.
- • Utilize East-West Traffic Security controls to monitor and control internal traffic, preventing unauthorized lateral movement.
- • Deploy Egress Security & Policy Enforcement mechanisms to detect and block unauthorized data exfiltration attempts.
- • Enhance Threat Detection & Anomaly Response capabilities to identify and respond to malicious activities promptly.
