Topic
#rce
3 articles exploring RCE. Expert insights and analysis from our editorial team.
Articles
Security
Marimo CVE-2026-39987 Exposed Unauthenticated Root Shells Within Hours of Disclosure
Marimo's /terminal/ws endpoint granted unauthenticated attackers a full PTY shell. CVE-2026-39987 was actively exploited within 9 hours and 41 minutes of disclosure.
Security
CVE-2026-39987's 9-Hour Exploitation Window Exposes the Credential Gap at the Heart of AI Dev Infrastructure
CVE-2026-39987 gave attackers a root shell on Marimo in under 10 hours, targeting LLM API keys and AWS credentials that dev-grade notebook security routinely leaves exposed.
Security
Flowise's CVE-2026-41264 Turns an LLM-Written `import` Statement Into Unauthenticated RCE — and Breaks the Regex-Gated Sandbox
CVE-2026-41264 (CVSS 9.8) shows how a regex import allowlist in Flowise's CSV Agent fails when the LLM writes the code: aliasing os as pandas bypasses the filter and reaches.