https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 11 Jun 2026 22:15:27 +0000 https://vulnerability.circl.lu/sighting/aef6f5f2-5b11-4661-904f-cd5a733edb9a/export {"uuid": "aef6f5f2-5b11-4661-904f-cd5a733edb9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mn47aa4gx22g", "content": "Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit\n\nAn unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-acc\u2026\n#hackernews #llm #news", "creation_timestamp": "2026-05-30T23:27:02.393101Z"} {"uuid": "aef6f5f2-5b11-4661-904f-cd5a733edb9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mn47aa4gx22g", "content": "Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit\n\nAn unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-acc\u2026\n#hackernews #llm #news", "creation_timestamp": "2026-05-30T23:27:02.393101Z"} https://vulnerability.circl.lu/sighting/aef6f5f2-5b11-4661-904f-cd5a733edb9a/export Sat, 30 May 2026 23:27:02 +0000 https://vulnerability.circl.lu/sighting/d520587b-90d4-4380-828e-854f6cd7a805/export {"uuid": "d520587b-90d4-4380-828e-854f6cd7a805", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mn4dd6qbxs2k", "content": "A new authentication bypass vulnerability (CVE-2026-39987, CVE-2026-39987) is being actively exploited in the wild. The target: LLM, Marimo. This is n\n\nThis is not the first time a critical authentication bypass has been found in LL\n\nhttps://securitycyber.uk\n\n\n\nhttps://securitycyber.uk | Training: h", "creation_timestamp": "2026-05-31T00:40:16.251295Z"} {"uuid": "d520587b-90d4-4380-828e-854f6cd7a805", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mn4dd6qbxs2k", "content": "A new authentication bypass vulnerability (CVE-2026-39987, CVE-2026-39987) is being actively exploited in the wild. The target: LLM, Marimo. This is n\n\nThis is not the first time a critical authentication bypass has been found in LL\n\nhttps://securitycyber.uk\n\n\n\nhttps://securitycyber.uk | Training: h", "creation_timestamp": "2026-05-31T00:40:16.251295Z"} https://vulnerability.circl.lu/sighting/d520587b-90d4-4380-828e-854f6cd7a805/export Sun, 31 May 2026 00:40:16 +0000 https://vulnerability.circl.lu/sighting/065e3764-bdd4-4a21-b80a-73703ede0db8/export {"uuid": "065e3764-bdd4-4a21-b80a-73703ede0db8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mn4jisrb4f2i", "content": "Top 3 CVE for last 7 days:\nCVE-2026-48095: 19 interactions\nCVE-2026-0257: 17 interactions\nCVE-2026-26980: 16 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-0257: 14 interactions\nCVE-2026-21852: 3 interactions\nCVE-2026-39987: 3 interactions\n", "creation_timestamp": "2026-05-31T02:30:48.180899Z"} {"uuid": "065e3764-bdd4-4a21-b80a-73703ede0db8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mn4jisrb4f2i", "content": "Top 3 CVE for last 7 days:\nCVE-2026-48095: 19 interactions\nCVE-2026-0257: 17 interactions\nCVE-2026-26980: 16 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-0257: 14 interactions\nCVE-2026-21852: 3 interactions\nCVE-2026-39987: 3 interactions\n", "creation_timestamp": "2026-05-31T02:30:48.180899Z"} https://vulnerability.circl.lu/sighting/065e3764-bdd4-4a21-b80a-73703ede0db8/export Sun, 31 May 2026 02:30:48 +0000 https://vulnerability.circl.lu/sighting/6c0643b6-7349-49c2-9ab7-f01c89bd9002/export {"uuid": "6c0643b6-7349-49c2-9ab7-f01c89bd9002", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/technoholic.bsky.social/post/3mn4msnddw72h", "content": "Unknown threat actor used a large language model (LLM) to conduct post-compromise actions after exploiting a public Marimo network (CVE-2026-39987). Stay alert for AI-driven attacks.", "creation_timestamp": "2026-05-31T03:29:59.263644Z"} {"uuid": "6c0643b6-7349-49c2-9ab7-f01c89bd9002", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/technoholic.bsky.social/post/3mn4msnddw72h", "content": "Unknown threat actor used a large language model (LLM) to conduct post-compromise actions after exploiting a public Marimo network (CVE-2026-39987). Stay alert for AI-driven attacks.", "creation_timestamp": "2026-05-31T03:29:59.263644Z"} https://vulnerability.circl.lu/sighting/6c0643b6-7349-49c2-9ab7-f01c89bd9002/export Sun, 31 May 2026 03:29:59 +0000 https://vulnerability.circl.lu/sighting/df01ccd4-48d1-4863-9d63-957b8a1dc9f1/export {"uuid": "df01ccd4-48d1-4863-9d63-957b8a1dc9f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://infosec.exchange/users/tomcat/statuses/116668135516466708", "content": "\u26a0\ufe0f Attackers used an LLM agent for post-exploitation after breaching a public Marimo notebook via CVE-2026-39987, a pre-auth RCE flaw affecting versions \u22640.20.4.\nThe intrusion stole cloud credentials, retrieved an SSH key from AWS Secrets Manager, and exfiltrated a PostgreSQL database via eight SSH sessions in under two minutes.\nFull report: https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html", "creation_timestamp": "2026-05-31T08:01:12.803701Z"} {"uuid": "df01ccd4-48d1-4863-9d63-957b8a1dc9f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://infosec.exchange/users/tomcat/statuses/116668135516466708", "content": "\u26a0\ufe0f Attackers used an LLM agent for post-exploitation after breaching a public Marimo notebook via CVE-2026-39987, a pre-auth RCE flaw affecting versions \u22640.20.4.\nThe intrusion stole cloud credentials, retrieved an SSH key from AWS Secrets Manager, and exfiltrated a PostgreSQL database via eight SSH sessions in under two minutes.\nFull report: https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html", "creation_timestamp": "2026-05-31T08:01:12.803701Z"} https://vulnerability.circl.lu/sighting/df01ccd4-48d1-4863-9d63-957b8a1dc9f1/export Sun, 31 May 2026 08:01:12 +0000 https://vulnerability.circl.lu/sighting/7ad8657d-baa2-4b40-800c-a176add0188a/export {"uuid": "7ad8657d-baa2-4b40-800c-a176add0188a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/mwyr.es/post/3mn6zrgdceq2x", "content": "Attackers Use LLM Agent For Post-Exploitation After Marimo CVE-2026-39987 Exploit - https://mwyr.es/pUqIWw5L #thn #infosec", "creation_timestamp": "2026-06-01T02:27:16.202643Z"} {"uuid": "7ad8657d-baa2-4b40-800c-a176add0188a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/mwyr.es/post/3mn6zrgdceq2x", "content": "Attackers Use LLM Agent For Post-Exploitation After Marimo CVE-2026-39987 Exploit - https://mwyr.es/pUqIWw5L #thn #infosec", "creation_timestamp": "2026-06-01T02:27:16.202643Z"} https://vulnerability.circl.lu/sighting/7ad8657d-baa2-4b40-800c-a176add0188a/export Mon, 01 Jun 2026 02:27:16 +0000 https://vulnerability.circl.lu/sighting/668714f0-0108-465e-9553-ac356ed8969d/export {"uuid": "668714f0-0108-465e-9553-ac356ed8969d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/reconbee.bsky.social/post/3mn7i63i47k2k", "content": "Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit reconbee.com/attackers-us...\n\n#LLM #Marimo #largelanguagemodels #llmagent #cybersecurity", "creation_timestamp": "2026-06-01T06:44:56.421678Z"} {"uuid": "668714f0-0108-465e-9553-ac356ed8969d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/reconbee.bsky.social/post/3mn7i63i47k2k", "content": "Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit reconbee.com/attackers-us...\n\n#LLM #Marimo #largelanguagemodels #llmagent #cybersecurity", "creation_timestamp": "2026-06-01T06:44:56.421678Z"} https://vulnerability.circl.lu/sighting/668714f0-0108-465e-9553-ac356ed8969d/export Mon, 01 Jun 2026 06:44:56 +0000 https://vulnerability.circl.lu/sighting/0bffe034-6838-414e-a968-71977667c88b/export {"uuid": "0bffe034-6838-414e-a968-71977667c88b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mnhzfo6tsr2e", "content": "\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u578b\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u304c\u30aa\u30fc\u30b1\u30b9\u30c8\u30ec\u30fc\u30b7\u30e7\u30f3\u5c64\u306b\u5230\u9054\uff1aAI\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u4e3b\u5c0e\u306e\u30b3\u30f3\u30c6\u30ca\u30a8\u30b9\u30b1\u30fc\u30d7\n\n\u8105\u5a01\u30ea\u30b5\u30fc\u30c1 \u30c7\u30a3\u30ec\u30af\u30bf\u30fc2026\u5e745\u670829\u65e5\u3001Sysdig\u8105\u5a01\u30ea\u30b5\u30fc\u30c1\u30c1\u30fc\u30e0\uff08TRT\uff09\u306f\u3001\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u304c\u8106\u5f31\u306amarimo\u30ce\u30fc\u30c8\u30d6\u30c3\u30af\uff08CVE-2026-39987\uff09\u3092\u60aa\u7528\u3057\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u5c64\u3092\u8d85\u3048\u3066\u5c55\u958b\u3059\u308b\u5b8c\u5168\u81ea\u52d5\u5316\u3055\u308c\u305f\u30ad\u30eb\u30c1\u30a7\u30fc\u30f3\u3092\u5b9f\u884c\u3057\u3066\u3044\u308b\u306e\u3092\u89b3\u6e2c\u3057\u307e\u3057\u305f\u3002\u653b\u6483\u306e\u5404\u6bb5\u968e\u306b\u306f\u3001\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u578b\u8105\u5a01\u30a2\u30af\u30bf\u30fc\uff08A...", "creation_timestamp": "2026-06-04T16:14:39.064408Z"} {"uuid": "0bffe034-6838-414e-a968-71977667c88b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mnhzfo6tsr2e", "content": "\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u578b\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u304c\u30aa\u30fc\u30b1\u30b9\u30c8\u30ec\u30fc\u30b7\u30e7\u30f3\u5c64\u306b\u5230\u9054\uff1aAI\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u4e3b\u5c0e\u306e\u30b3\u30f3\u30c6\u30ca\u30a8\u30b9\u30b1\u30fc\u30d7\n\n\u8105\u5a01\u30ea\u30b5\u30fc\u30c1 \u30c7\u30a3\u30ec\u30af\u30bf\u30fc2026\u5e745\u670829\u65e5\u3001Sysdig\u8105\u5a01\u30ea\u30b5\u30fc\u30c1\u30c1\u30fc\u30e0\uff08TRT\uff09\u306f\u3001\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u304c\u8106\u5f31\u306amarimo\u30ce\u30fc\u30c8\u30d6\u30c3\u30af\uff08CVE-2026-39987\uff09\u3092\u60aa\u7528\u3057\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u5c64\u3092\u8d85\u3048\u3066\u5c55\u958b\u3059\u308b\u5b8c\u5168\u81ea\u52d5\u5316\u3055\u308c\u305f\u30ad\u30eb\u30c1\u30a7\u30fc\u30f3\u3092\u5b9f\u884c\u3057\u3066\u3044\u308b\u306e\u3092\u89b3\u6e2c\u3057\u307e\u3057\u305f\u3002\u653b\u6483\u306e\u5404\u6bb5\u968e\u306b\u306f\u3001\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u578b\u8105\u5a01\u30a2\u30af\u30bf\u30fc\uff08A...", "creation_timestamp": "2026-06-04T16:14:39.064408Z"} https://vulnerability.circl.lu/sighting/0bffe034-6838-414e-a968-71977667c88b/export Thu, 04 Jun 2026 16:14:39 +0000 https://vulnerability.circl.lu/sighting/824889c9-10fa-49ed-bff2-0b92fd7c2071/export {"uuid": "824889c9-10fa-49ed-bff2-0b92fd7c2071", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/mel-echosphere.bsky.social/post/3mnqz4prndu2x", "content": "\u5165\u53e3\u306f\u9b54\u6cd5\u3058\u3083\u306a\u3044\u3002CVE-2026-39987\u3001`/terminal/ws` \u306e\u8a8d\u8a3c\u629c\u3051\u3002marimo\u516c\u5f0f\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea\u3082\u30010.23.0\u3067\u4fee\u6b63\u6e08\u307f\u3068\u66f8\u3044\u3066\u308b\u3002\nhttps://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc\n\n\u7a74\u306e\u672c\u4f53\u306f\u300cAI\u304c\u5168\u90e8\u58ca\u3057\u305f\u300d\u3058\u3083\u306d\u3047\u3002\u5165\u3089\u308c\u305f\u5f8c\u306e\u6a2a\u79fb\u52d5\u304c\u5b89\u304f\u306a\u3063\u305f\u3053\u3068\u3060\u3002", "creation_timestamp": "2026-06-08T06:03:36.227462Z"} {"uuid": "824889c9-10fa-49ed-bff2-0b92fd7c2071", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/mel-echosphere.bsky.social/post/3mnqz4prndu2x", "content": "\u5165\u53e3\u306f\u9b54\u6cd5\u3058\u3083\u306a\u3044\u3002CVE-2026-39987\u3001`/terminal/ws` \u306e\u8a8d\u8a3c\u629c\u3051\u3002marimo\u516c\u5f0f\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea\u3082\u30010.23.0\u3067\u4fee\u6b63\u6e08\u307f\u3068\u66f8\u3044\u3066\u308b\u3002\nhttps://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc\n\n\u7a74\u306e\u672c\u4f53\u306f\u300cAI\u304c\u5168\u90e8\u58ca\u3057\u305f\u300d\u3058\u3083\u306d\u3047\u3002\u5165\u3089\u308c\u305f\u5f8c\u306e\u6a2a\u79fb\u52d5\u304c\u5b89\u304f\u306a\u3063\u305f\u3053\u3068\u3060\u3002", "creation_timestamp": "2026-06-08T06:03:36.227462Z"} https://vulnerability.circl.lu/sighting/824889c9-10fa-49ed-bff2-0b92fd7c2071/export Mon, 08 Jun 2026 06:03:36 +0000 https://vulnerability.circl.lu/sighting/9b44c696-c47c-4704-8c34-7aaacca63883/export {"uuid": "9b44c696-c47c-4704-8c34-7aaacca63883", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/patrickcmiller.bsky.social/post/3mo25bvjog62m", "content": "Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit thehackernews.com/2026/05/atta...", "creation_timestamp": "2026-06-11T21:12:07.020519Z"} {"uuid": "9b44c696-c47c-4704-8c34-7aaacca63883", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/patrickcmiller.bsky.social/post/3mo25bvjog62m", "content": "Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit thehackernews.com/2026/05/atta...", "creation_timestamp": "2026-06-11T21:12:07.020519Z"} https://vulnerability.circl.lu/sighting/9b44c696-c47c-4704-8c34-7aaacca63883/export Thu, 11 Jun 2026 21:12:07 +0000