{"vulnerability": "CVE-2026-39987", "sightings": [{"uuid": "a17c4ed7-aa25-488b-a575-b5c32ef56ed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "exploited", "source": "https://t.me/poxek/6047", "content": "Pre-auth RCE \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 marimo (Python notebook framework) \u2014 CVE-2026-39987\n#RCE #CVE #Marimo #Python #WebSocket #AppSec\n\n\u0412 Marimo \u0435\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u043e\u0433\u043e \u0442\u0435\u0440\u043c\u0438\u043d\u0430\u043b\u0430. \u041a\u0430\u043a \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442 /terminal/ws \u043d\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u043b \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438: WebSocket-\u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u043b\u043e\u0441\u044c \u0431\u0435\u0437 \u043a\u0430\u043a\u0438\u0445-\u043b\u0438\u0431\u043e \u0442\u043e\u043a\u0435\u043d\u043e\u0432 \u0438 \u0441\u0435\u0441\u0441\u0438\u0439, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0447\u0435\u0440\u0435\u0437 pty.fork() \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u043b\u0441\u044f \u0438\u043d\u0442\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0439 shell. \u041a\u043e\u0440\u0435\u043d\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u2014 AuthenticationMiddleware \u0438\u0437 Starlette \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043d\u043e \u043d\u0435 \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u0442 WebSocket-\u0430\u043f\u0433\u0440\u0435\u0439\u0434, \u0430 \u0441\u0430\u043c \u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442 \u043d\u0435 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 validate_auth() \u043f\u0435\u0440\u0435\u0434 websocket.accept().\n\n\u041f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Marimo \u2264 0.22.x. \u0424\u0438\u043a\u0441 \u0432\u044b\u043f\u0443\u0449\u0435\u043d \u0432 0.23.0.\n\n\u267e\ufe0f\u0418\u043c\u043f\u0430\u043a\u0442\u267e\ufe0f\n\n\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0431\u0430\u0433\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0432 \u041e\u0421, \u043a\u0440\u0430\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435, \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a .env, API-\u043a\u043b\u044e\u0447\u0430\u043c \u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0438\u043d\u0441\u0442\u0430\u043d\u0441 \u043a\u0430\u043a \u0442\u043e\u0447\u043a\u0443 \u0434\u043b\u044f \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0433\u043e \u043f\u0440\u043e\u0434\u0432\u0438\u0436\u0435\u043d\u0438\u044f \u043f\u043e \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435.\n\n\u267e\ufe0f\u0410\u0442\u0430\u043a\u0430\u267e\ufe0f\n\n\u25aa\ufe0f\u041d\u0430\u0445\u043e\u0434\u0438\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0439 \u043f\u043e \u0441\u0435\u0442\u0438 \u0438\u043d\u0441\u0442\u0430\u043d\u0441 Marimo \u0438 \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u0443\u0435\u043c WebSocket-\u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043a ws://TARGET:/terminal/ws \u0438\u043b\u0438 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 wss://-URL\n\u25aa\ufe0f\u042d\u043d\u0434\u043f\u043e\u0438\u043d\u0442 \u043d\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u0435\u0440\u0435\u0434 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f. \u0421\u0435\u0440\u0432\u0435\u0440 \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0435\u0442 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0447\u0435\u0440\u0435\u0437 websocket.accept() \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u0438\u043d\u0442\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u0443\u044e \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0443 (PTY)\n\u25aa\ufe0f\u041f\u043e\u0441\u043b\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043f\u0440\u044f\u043c\u043e \u0447\u0435\u0440\u0435\u0437 WebSocket, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 id, whoami, ls -la, cat /etc/passwd. \u041c\u043e\u0436\u043d\u043e \u0441\u043a\u0430\u0447\u0430\u0442\u044c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0443, \u0437\u0430\u043a\u0440\u0435\u043f\u0438\u0442\u044c\u0441\u044f \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440 \u043a\u0430\u043a \u043f\u043b\u0430\u0446\u0434\u0430\u0440\u043c \u0434\u043b\u044f lateral movement.\n\n\u267e\ufe0f\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f in wild\u267e\ufe0f\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Sysdig TRT, \u0447\u0435\u0440\u0435\u0437 9 \u0447\u0430\u0441\u043e\u0432 41 \u043c\u0438\u043d\u0443\u0442\u0443 \u043f\u043e\u0441\u043b\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 advisory \u043d\u0430\u0447\u0430\u043b\u0430\u0441\u044c \u0430\u043a\u0442\u0438\u0432\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f. \u0417\u0430 3 \u0434\u043d\u044f (11\u201314 \u0430\u043f\u0440\u0435\u043b\u044f) \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043e 662 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442-\u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0441 11 IP \u0438\u0437 10 \u0441\u0442\u0440\u0430\u043d. \u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u0440\u0430\u0437\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u044e\u0442 \u043d\u043e\u0432\u044b\u0439 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 NKAbuse \u2014 Go-\u0431\u044d\u043a\u0434\u043e\u0440 \u0441 C2 \u0447\u0435\u0440\u0435\u0437 NKN blockchain, \u0437\u0430\u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u0434 \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u0439 Kubernetes-\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 kagent \u0438 \u0440\u0430\u0437\u0434\u0430\u0432\u0430\u0435\u043c\u044b\u0439 \u0447\u0435\u0440\u0435\u0437 typosquatted Hugging Face Space vsccode-modetx.\n\n\u267e\ufe0f\u0417\u0430\u0449\u0438\u0442\u0430\u267e\ufe0f\n\n\u25aa\ufe0f\u041e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 Marimo \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 0.23.0 \u0438\u043b\u0438 \u0432\u044b\u0448\u0435\n\u25aa\ufe0f\u041d\u0435 \u0432\u044b\u0441\u0442\u0430\u0432\u043b\u044f\u0439\u0442\u0435 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 Marimo \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u0431\u0435\u0437 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f VPN, \u043f\u0440\u043e\u043a\u0441\u0438 \u0441 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0438\u043b\u0438 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430\n\u25aa\ufe0f\u0417\u0430\u043f\u0443\u0441\u043a\u0430\u0439\u0442\u0435 Marimo \u0432 \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430\u0445 \u043f\u043e\u0434 non-root user\n\n\ud83d\udd17\u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a\n\n\ud83c\udf1a @poxek | \ud83d\udcf2 MAX |\ud83c\udf1a \u0411\u043b\u043e\u0433 | \ud83d\udcfa YT | \ud83d\udcfa RT | \ud83d\udcfa VK", "creation_timestamp": "2026-04-23T11:23:05.000000Z"}, {"uuid": "88656cfb-66d4-478b-9bc3-6fe1035931b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/81648", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-39987\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a h3raklez\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-25 16:53:09\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nMarimo Pre-Auth RCE\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-25T17:00:04.000000Z"}, {"uuid": "46a7f341-7806-479d-b056-63cb5744e55e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "exploited", "source": "https://t.me/TengkorakCyberCrewzz/39525", "content": "Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure \u2013 thehackernews.com\n\nFri, 10 Apr 2026 15:37:00", "creation_timestamp": "2026-04-11T04:03:13.000000Z"}, {"uuid": "1c16af00-70c5-4a7a-ba94-a8c2cb065246", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/javascript/cves/2026/CVE-2026-39987.yaml", "content": "", "creation_timestamp": "2026-04-09T06:51:35.000000Z"}, {"uuid": "a6b57914-4e05-492a-91e3-f0a30dc6d86f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/endorlabs.bsky.social/post/3mj3giso5ac2k", "content": "", "creation_timestamp": "2026-04-09T18:23:51.110751Z"}, {"uuid": "d0df07c0-19d8-4077-945b-911efd2196e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj3oa3y53u23", "content": "", "creation_timestamp": "2026-04-09T20:41:58.118849Z"}, {"uuid": "0ec3e2fd-b2e2-4113-8dfb-d32deec94f9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mj3pextgr42n", "content": "", "creation_timestamp": "2026-04-09T21:02:34.687287Z"}, {"uuid": "c5ef3189-0e53-465e-9f6e-d308c2d26f31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/hacksgr.bsky.social/post/3mjapghgigf2z", "content": "", "creation_timestamp": "2026-04-11T20:46:56.168622Z"}, {"uuid": "4b2e9990-ee8e-4c82-a227-c874423fd889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mj55edl6mx27", "content": "", "creation_timestamp": "2026-04-10T10:45:25.658401Z"}, {"uuid": "ba3b15e4-340a-45af-8a0a-3a9034291453", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mj55wz7wzf2r", "content": "", "creation_timestamp": "2026-04-10T10:55:52.654761Z"}, {"uuid": "fff980b6-6c80-4d44-ad8d-637c57aa61e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mj57ks2ihj2l", "content": "", "creation_timestamp": "2026-04-10T11:24:50.042023Z"}, {"uuid": "d74d2403-f335-48ca-93ec-cd630e89511f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-39987", "type": "published-proof-of-concept", "source": "https://www.endorlabs.com/learn/root-in-one-request-marimos-critical-pre-auth-rce-cve-2026-39987", "content": "", "creation_timestamp": "2026-04-09T04:00:00.000000Z"}, {"uuid": "a1ab9fb6-992e-4d63-99ca-bf0327552ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-39987", "type": "exploited", "source": "https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hours", "content": "", "creation_timestamp": "2026-04-09T04:00:00.000000Z"}, {"uuid": "d4baa146-b10f-4d0c-b1ed-b4436e495e06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-39987", "type": "published-proof-of-concept", "source": "https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc", "content": "", "creation_timestamp": "2026-04-08T04:00:00.000000Z"}, {"uuid": "fb011dd1-8614-4c5d-b456-505cb82da16e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/solomonneas.dev/post/3mj5bobmwhj2w", "content": "", "creation_timestamp": "2026-04-10T12:02:34.806860Z"}, {"uuid": "25d4f1ba-5c3c-4db0-9353-0d93f1997fe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/cybersecurity0001.bsky.social/post/3mj5d52kqdz2t", "content": "", "creation_timestamp": "2026-04-10T12:28:44.435370Z"}, {"uuid": "f11c1b03-0431-4890-aacf-3c9e65659b67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/bitnewsbot.bsky.social/post/3mj5e72s2lw2t", "content": "", "creation_timestamp": "2026-04-10T12:47:45.057847Z"}, {"uuid": "de115174-f737-474f-a6ac-b89c7657c812", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/116380498383542979", "content": "", "creation_timestamp": "2026-04-10T12:51:16.752432Z"}, {"uuid": "d61937fb-0a90-4e5a-93d9-612f8f6b4bac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/e-kiledjian.bsky.social/post/3mj5eg7qads2q", "content": "", "creation_timestamp": "2026-04-10T12:51:51.819909Z"}, {"uuid": "54a91103-1595-4384-8a79-27f1594b0c29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://thehackernews.com/2026/04/marimo-rce-flaw-cve-2026-39987.html", "content": "", "creation_timestamp": "2026-04-10T05:37:00.000000Z"}, {"uuid": "67e83ba5-b3ba-4d79-9609-648c425b5a51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mj5omiseos2q", "content": "", "creation_timestamp": "2026-04-10T15:54:13.776381Z"}, {"uuid": "09d2955a-4d4f-4bef-bbe8-dd9299bff36e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mj5omistdk2q", "content": "", "creation_timestamp": "2026-04-10T15:54:14.314785Z"}, {"uuid": "bae6f2ee-c64d-4548-aaab-13abcdb59ed8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mj5omisucs2q", "content": "", "creation_timestamp": "2026-04-10T15:54:14.810138Z"}, {"uuid": "789ab58b-5d36-404e-b9e3-85c5f3eb60b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mj5omiswbc2q", "content": "", "creation_timestamp": "2026-04-10T15:54:15.330593Z"}, {"uuid": "de3a2ef8-280f-494f-a33f-f00c87f59192", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mj5omiswbd2q", "content": "", "creation_timestamp": "2026-04-10T15:54:15.815184Z"}, {"uuid": "8b77767a-7944-463d-98ce-a0ae5bf9d0ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mj5omisxal2q", "content": "", "creation_timestamp": "2026-04-10T15:54:17.500200Z"}, {"uuid": "17f386f3-6787-48d4-ad38-b2e281d380bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mj5omisy7t2q", "content": "", "creation_timestamp": "2026-04-10T15:54:18.030878Z"}, {"uuid": "c90a1270-f196-4aea-893f-addf60ce4bf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mj5omisz732q", "content": "", "creation_timestamp": "2026-04-10T15:54:18.541823Z"}, {"uuid": "ac88a2d0-e7c6-4a77-9f55-5874de57aec4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://threatintel.cc/2026/04/10/critical-marimo-flaw-exploited-hours.html", "content": "", "creation_timestamp": "2026-04-10T10:51:24.000000Z"}, {"uuid": "10a5e898-228a-4975-9550-a06056add516", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-39987", "type": "seen", "source": "https://bsky.app/profile/hexonbot.bsky.social/post/3mj5tyxrqfp22", "content": "", "creation_timestamp": "2026-04-10T17:30:40.183991Z"}, {"uuid": "dcb06176-ce74-493f-96f1-62dd7398e50c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mj67usxjjr2x", "content": "", "creation_timestamp": "2026-04-10T21:03:17.589542Z"}, {"uuid": "f2fe83dc-2224-4aa8-b5f0-a876cb50cee8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjbcllv3sm2e", "content": "", "creation_timestamp": "2026-04-12T02:29:37.450503Z"}, {"uuid": "63b5a8d7-c828-4e43-a525-776a4ad01c7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mj6s2zxoat2b", "content": "", "creation_timestamp": "2026-04-11T02:28:42.274699Z"}, {"uuid": "91cf257d-91a6-48ce-aed4-a0db4e3d2a46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/pvynckier.bsky.social/post/3mjbqx3g6o22h", "content": "", "creation_timestamp": "2026-04-12T06:46:36.803071Z"}, {"uuid": "df7f38ae-a3ad-4123-8127-c2f940e9f077", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mj6vdq5dy22q", "content": "", "creation_timestamp": "2026-04-11T03:27:15.192017Z"}, {"uuid": "fd0c1fb5-20ec-4aa7-8edb-f5f035e00f51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mjct7xk2422q", "content": "", "creation_timestamp": "2026-04-12T17:00:00.563498Z"}, {"uuid": "56b043ab-262c-41de-8ccd-9076de731028", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mj7ltpzzwf2j", "content": "", "creation_timestamp": "2026-04-11T10:09:54.033639Z"}, {"uuid": "8b2eb923-9a0e-49a5-b7d0-214a8c11b295", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/rxerium.com/post/3mjcw6yotxm2y", "content": "", "creation_timestamp": "2026-04-12T17:53:09.561346Z"}, {"uuid": "43cce470-ae06-419f-81ae-aa6fad84ee9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mjcxgrwonj2p", "content": "", "creation_timestamp": "2026-04-12T18:15:24.334757Z"}, {"uuid": "f6c8541d-4547-4fe1-a826-334a5f6ff9fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mjd7knei2725", "content": "", "creation_timestamp": "2026-04-12T20:40:43.264462Z"}, {"uuid": "89cdc9e3-0bf1-40e8-be6f-25970226fd8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/intel.overresearched.net/post/3mjda7g45ts2f", "content": "", "creation_timestamp": "2026-04-12T20:52:20.450726Z"}, {"uuid": "fc9c2591-c986-42a2-8f3b-26ea554d6496", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/intel.overresearched.net/post/3mjdaefqvdk2f", "content": "", "creation_timestamp": "2026-04-12T20:55:08.277105Z"}, {"uuid": "6f3718f0-a504-4bf9-ad4b-2fb2b55ac429", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/intel.overresearched.net/post/3mjdafw7ii22f", "content": "", "creation_timestamp": "2026-04-12T20:55:58.830024Z"}, {"uuid": "004589a1-d05e-41ce-b496-82d9f7efbbe4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/patrickcmiller.bsky.social/post/3mjdqfgjl5r2t", "content": "", "creation_timestamp": "2026-04-13T01:42:10.838471Z"}, {"uuid": "8646d6c9-83d2-4e94-9f09-b43021001ead", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjdt2jxnih2t", "content": "", "creation_timestamp": "2026-04-13T02:29:38.131344Z"}, {"uuid": "79949c11-0ed9-4377-aa66-e14ad064ce13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-39987", "type": "seen", "source": "https://infosec.exchange/users/patrickcmiller/statuses/116395207586097637", "content": "", "creation_timestamp": "2026-04-13T03:12:01.111325Z"}, {"uuid": "903852da-4f81-4f3c-aedc-6914fdc4e124", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/patrickcmiller.bsky.social/post/3mje2hc5qcm2u", "content": "", "creation_timestamp": "2026-04-13T04:42:02.145943Z"}, {"uuid": "5db21aae-b540-4eed-b8c2-47c226f08a2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mjf3k7nv6t2g", "content": "", "creation_timestamp": "2026-04-13T14:34:13.552179Z"}, {"uuid": "a17af7ff-c13a-4dd4-a8e9-456f845ed7f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mjebe4mmwg2l", "content": "", "creation_timestamp": "2026-04-13T06:45:31.972188Z"}, {"uuid": "6434ab8f-aeef-4288-a0fe-66fdfe8d8a85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjgdjcg6pl25", "content": "", "creation_timestamp": "2026-04-14T02:29:32.625562Z"}, {"uuid": "d85c1031-f006-452e-9908-1b5d6070c554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-39987", "type": "seen", "source": "https://infosec.exchange/users/patrickcmiller/statuses/116398156738057915", "content": "", "creation_timestamp": "2026-04-13T15:42:01.620132Z"}, {"uuid": "513a3d8d-79a2-44c8-a98f-b900239568bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/concisecyber.bsky.social/post/3mjfe54dwya2w", "content": "", "creation_timestamp": "2026-04-13T17:08:08.598455Z"}, {"uuid": "0acab391-e583-4afa-8976-1094e2154416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/116398528617948925", "content": "", "creation_timestamp": "2026-04-13T17:16:37.119055Z"}, {"uuid": "6bcd9e99-7165-4f9a-837e-931de7606293", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/e-kiledjian.bsky.social/post/3mjfenercoc2c", "content": "", "creation_timestamp": "2026-04-13T17:17:07.091145Z"}, {"uuid": "1ca5fc2f-a6b1-4b08-a369-8f617592ef79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-39987", "type": "seen", "source": "https://bsky.app/profile/cyberveille-ch.bsky.social/post/3mjh4pko6ea2b", "content": "", "creation_timestamp": "2026-04-14T10:00:26.049623Z"}, {"uuid": "8fda74e7-9e32-493a-a855-f57b332f8045", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-critical-pre-authentication-remote-code-execution-marimo-exploited-wild-patch", "content": "", "creation_timestamp": "2026-04-13T08:28:29.000000Z"}, {"uuid": "d376ac24-95ee-4881-8512-a8e345ea6c3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://threatintel.cc/2026/04/13/marimo-rce-vulnerability-exploited-in.html", "content": "", "creation_timestamp": "2026-04-13T15:16:42.000000Z"}, {"uuid": "99e98ac0-4062-4135-9441-76763d383ebc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mjhwmkncza2h", "content": "", "creation_timestamp": "2026-04-14T17:44:03.493021Z"}, {"uuid": "23619e86-c94f-4e30-a212-7b3a323ae4e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "exploited", "source": "https://t.me/TengkorakCyberCrewzz/39700", "content": "Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face \u2013 gbhackers.com\n\nFri, 17 Apr 2026 16:10:46", "creation_timestamp": "2026-04-17T12:03:03.000000Z"}, {"uuid": "00ec6700-6d4d-4f13-8864-af4a7797396d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "published-proof-of-concept", "source": "https://t.me/TengkorakCyberCrewzz/9796", "content": "Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face \u2013 gbhackers.com\n\nFri, 17 Apr 2026 16:10:46", "creation_timestamp": "2026-04-17T12:03:03.000000Z"}, {"uuid": "11f23650-5e05-4d4d-83d2-d4cc1bd70438", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "exploited", "source": "https://t.me/GithubRedTeam/80379", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-39987\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a keraattin\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-15 08:17:40\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-39987: Marimo Python Notebook Pre-Auth RCE (CVSS 9.3). Python & Nmap NSE detection scripts. Missing authentication on /terminal/ws WebSocket endpoint gives attackers a full PTY shell without any credentials. Exploited in the wild within 10 hours of disclosure. Fixed in Marimo 0.23.0.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-15T09:00:05.000000Z"}, {"uuid": "311d767c-f375-4be4-80d9-538d1b21df6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/lordman1982.bsky.social/post/3mjk62jnvvr2w", "content": "", "creation_timestamp": "2026-04-15T15:02:28.596107Z"}, {"uuid": "3df1525d-8d07-47ba-9db2-4223d3b2972f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjitxvbi6n2t", "content": "", "creation_timestamp": "2026-04-15T02:29:21.344157Z"}, {"uuid": "fc027406-aa87-4e4e-ae26-8d43e2c0cebf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/80034", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-39987\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xBlackash\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-12 21:52:54\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-39987\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-12T22:00:05.000000Z"}, {"uuid": "e74eac33-4a93-48b4-a174-a9dbd457ae21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-39987", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3mjo7uvniot25", "content": "", "creation_timestamp": "2026-04-17T05:45:44.789011Z"}, {"uuid": "ffbf4e7e-56ea-4299-ab10-df962d38b36f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mjmviav6ma2y", "content": "", "creation_timestamp": "2026-04-16T17:07:06.645650Z"}, {"uuid": "ac72ef13-6624-4604-a26a-15cf7c0f7ee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mjoqsqzo2f2o", "content": "", "creation_timestamp": "2026-04-17T10:48:46.582704Z"}, {"uuid": "2694dd8c-e53f-4150-a377-e8ccba1ceab8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3mjoj4djr3n32", "content": "", "creation_timestamp": "2026-04-17T08:30:58.643895Z"}, {"uuid": "2103cb2b-09c2-4c74-9fb3-60aa7caf9066", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/elhacker.net/post/3mjr3eot2nd2a", "content": "", "creation_timestamp": "2026-04-18T09:03:05.677573Z"}, {"uuid": "36d357b3-1dea-4ff0-b2f6-0d53b5d5de01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mjp53klabf2p", "content": "", "creation_timestamp": "2026-04-17T14:28:27.724251Z"}, {"uuid": "1e49ca29-db9c-4e33-aee3-b7218d577dd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/80178", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-39987_exploit\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a mki9\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-13 23:58:36\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-14T00:00:04.000000Z"}, {"uuid": "19aed64b-2d28-4fda-ae40-443af1c89b5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3mjullzwgsxk2", "content": "", "creation_timestamp": "2026-04-19T18:31:39.789442Z"}, {"uuid": "9fc02dbd-4114-4760-a0b3-16f1a702546d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mjvu6xzkzc2v", "content": "", "creation_timestamp": "2026-04-20T06:37:55.432594Z"}, {"uuid": "0159b037-085a-4a55-b169-f553ff3e4b2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "exploited", "source": "https://t.me/S_E_Reborn/6305", "content": "\u0412\u0441\u0435\u0433\u043e \u0447\u0435\u0440\u0435\u0437 10 \u0447\u0430\u0441\u043e\u0432 \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c Marimo \u043d\u0430\u0447\u0430\u043b\u0430\u0441\u044c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Marimo 0.20.4 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-39987 \u0438 GitHub \u043e\u0446\u0435\u043d\u0438\u043b \u0435\u0451 \u0432 9,3 \u0438\u0437 10.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Sysdig, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u043e\u0437\u0434\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u00a0\u0438 \u0431\u0435\u0437 \u043f\u0440\u043e\u043c\u0435\u0434\u043b\u0435\u043d\u0438\u044f \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438   \u0435\u0433\u043e \u0432 \u0430\u0442\u0430\u043a\u0430\u0445, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0431\u044b\u043b\u0430 \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f.\n\nMarimo - \u044d\u0442\u043e \u0441\u0440\u0435\u0434\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0431\u043b\u043e\u043a\u043d\u043e\u0442\u043e\u0432 \u043d\u0430 Python \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0431\u044b\u0447\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u0430\u0442\u0430\u0441\u0430\u0439\u043d\u0442\u0438\u0441\u0442\u0430\u043c\u0438, \u0418\u0418-\u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c\u0438, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c\u0438. \u0412 \u0446\u0435\u043b\u043e\u043c, \u044d\u0442\u043e \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0439 \u043f\u0440\u043e\u0435\u043a\u0442, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 20 000 \u0437\u0432\u0435\u0437\u0434 \u043d\u0430 GitHub \u0438 1000 \u0444\u043e\u0440\u043a\u043e\u0432.\n\nCVE-2026-39987 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u0442\u0435\u043c, \u0447\u0442\u043e \u043a\u043e\u043d\u0435\u0447\u043d\u0430\u044f \u0442\u043e\u0447\u043a\u0430 WebSocket /terminal/ws \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0442\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u043e\u043c\u0443 \u0442\u0435\u0440\u043c\u0438\u043d\u0430\u043b\u0443 \u0431\u0435\u0437 \u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0435\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u0441 \u043b\u044e\u0431\u043e\u0433\u043e \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430.\n\n\u042d\u0442\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u044f\u043c\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u043b\u043d\u043e\u0446\u0435\u043d\u043d\u043e\u0439 \u0438\u043d\u0442\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0435, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0435\u0439 \u0441 \u0442\u0435\u043c\u0438 \u0436\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438, \u0447\u0442\u043e \u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 Marimo.\n\nMarimo \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 8 \u0430\u043f\u0440\u0435\u043b\u044f \u0438 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0432\u0435\u0440\u0441\u0438\u044e 0.23.0 \u0434\u043b\u044f \u0435\u0451 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f.\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u043b\u0438 Marimo \u043a\u0430\u043a \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0431\u043b\u043e\u043a\u043d\u043e\u0442, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0442\u0435\u0445, \u043a\u0442\u043e \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a Marimo \u0447\u0435\u0440\u0435\u0437 \u043e\u0431\u0449\u0443\u044e \u0441\u0435\u0442\u044c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 --host 0.0.0.0 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Sysdig, \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043f\u0435\u0440\u0432\u044b\u0445 12 \u0447\u0430\u0441\u043e\u0432 \u043f\u043e\u0441\u043b\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0437\u0430\u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0442\u044c 125 IP, \u0441 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442\u0441\u044f  \u0440\u0430\u0437\u0432\u0435\u0434\u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c.\n\n\u041c\u0435\u043d\u0435\u0435 \u0447\u0435\u043c \u0447\u0435\u0440\u0435\u0437 10 \u0447\u0430\u0441\u043e\u0432 \u043f\u043e\u0441\u043b\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u0432 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u0447\u0435\u043d\u044b\u0435 \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043f\u0435\u0440\u0432\u0443\u044e \u043f\u043e\u043f\u044b\u0442\u043a\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u043f\u043e \u043a\u0440\u0430\u0436\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u043b \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0432\u0448\u0438\u0441\u044c \u043a \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435 /terminal/ws \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0432 \u043a\u043e\u0440\u043e\u0442\u043a\u0443\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432 \u0434\u043b\u044f \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u043b\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0435\u043a\u0443\u043d\u0434.\n\n\u0412\u0441\u043a\u043e\u0440\u0435 \u043f\u043e\u0441\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0438 \u043d\u0430\u0447\u0430\u043b\u0438 \u0440\u0443\u0447\u043d\u0443\u044e \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0443, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044f \u0431\u0430\u0437\u043e\u0432\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a pwd, whoami \u0438 ls, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043d\u044f\u0442\u044c \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u0435, \u0430 \u0437\u0430\u0442\u0435\u043c \u043f\u044b\u0442\u0430\u043b\u0438\u0441\u044c \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0430\u0442\u044c\u0441\u044f \u043f\u043e \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430\u043c \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u043b\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 SSH.\n\n\u0414\u0430\u043b\u0435\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0438\u043b\u0441\u044f \u043d\u0430 \u0441\u0431\u043e\u0440\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u0441\u0440\u0430\u0437\u0443 \u0436\u0435 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0432 .env \u0434\u043b\u044f \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u044b, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0438\u0441\u0430 \u0438 \u0441\u0435\u043a\u0440\u0435\u0442\u043d\u044b\u0435 \u043a\u043b\u044e\u0447\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439. \u0417\u0430\u0442\u0435\u043c \u043e\u043d \u043f\u043e\u043f\u044b\u0442\u0430\u043b\u0441\u044f \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0440\u0430\u0431\u043e\u0447\u0435\u043c \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435 \u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u043b \u043f\u043e\u0438\u0441\u043a SSH-\u043a\u043b\u044e\u0447\u0435\u0439.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043e\u0442\u0447\u0435\u0442\u0443 Sysdig, \u0432\u0435\u0441\u044c \u044d\u0442\u0430\u043f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0447\u0435\u0442\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0431\u044b\u043b \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d \u043c\u0435\u043d\u0435\u0435 \u0447\u0435\u043c \u0437\u0430 \u0442\u0440\u0438 \u043c\u0438\u043d\u0443\u0442\u044b. \u041f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0447\u0435\u0440\u0435\u0437 \u0447\u0430\u0441 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0432\u0435\u0440\u043d\u0443\u043b\u0441\u044f \u0434\u043b\u044f \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u043e\u0439 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0442\u0443 \u0436\u0435 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e \u0437\u0430 \u0430\u0442\u0430\u043a\u043e\u0439, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u0441\u0442\u043e\u0438\u0442 \u00ab\u043c\u0435\u0442\u043e\u0434\u0438\u0447\u043d\u044b\u0439 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u00bb, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0439 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043f\u043e\u0434\u0445\u043e\u0434, \u0430 \u043d\u0435 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u044b, \u0438 \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0435\u043d\u043d\u044b\u0439 \u043d\u0430 \u0442\u0430\u043a\u0438\u0445 \u0432\u0430\u0436\u043d\u044b\u0445 \u0446\u0435\u043b\u044f\u0445, \u043a\u0430\u043a \u043a\u0440\u0430\u0436\u0430 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 .env \u0438 \u043a\u043b\u044e\u0447\u0435\u0439 SSH.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0435 \u043f\u044b\u0442\u0430\u043b\u0438\u0441\u044c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u043a\u0440\u0438\u043f\u0442\u043e\u043c\u0430\u0439\u043d\u0435\u0440\u044b \u0438\u043b\u0438 \u0431\u044d\u043a\u0434\u043e\u0440\u044b, \u0447\u0442\u043e \u0433\u043e\u0432\u043e\u0440\u0438\u0442 \u043e \u0431\u044b\u0441\u0442\u0440\u043e\u0439 \u0438 \u0441\u043a\u0440\u044b\u0442\u043d\u043e\u0439 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Marimo \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 0.23.0, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f WebSocket \u0441 /terminal/ws, \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0432\u043d\u0435\u0448\u043d\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 \u0438 \u0440\u043e\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0441\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b\u0435 \u0441\u0435\u043a\u0440\u0435\u0442\u044b.", "creation_timestamp": "2026-04-13T16:22:04.000000Z"}, {"uuid": "8a889f06-6c28-4ecb-a959-ee57e014d2f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "exploited", "source": "https://t.me/true_secator/8095", "content": "\u0412\u0441\u0435\u0433\u043e \u0447\u0435\u0440\u0435\u0437 10 \u0447\u0430\u0441\u043e\u0432 \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c Marimo \u043d\u0430\u0447\u0430\u043b\u0430\u0441\u044c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Marimo 0.20.4 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-39987 \u0438 GitHub \u043e\u0446\u0435\u043d\u0438\u043b \u0435\u0451 \u0432 9,3 \u0438\u0437 10.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Sysdig, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u043e\u0437\u0434\u0430\u043b\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u00a0\u0438 \u0431\u0435\u0437 \u043f\u0440\u043e\u043c\u0435\u0434\u043b\u0435\u043d\u0438\u044f \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438   \u0435\u0433\u043e \u0432 \u0430\u0442\u0430\u043a\u0430\u0445, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0431\u044b\u043b\u0430 \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f.\n\nMarimo - \u044d\u0442\u043e \u0441\u0440\u0435\u0434\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0431\u043b\u043e\u043a\u043d\u043e\u0442\u043e\u0432 \u043d\u0430 Python \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0431\u044b\u0447\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u0430\u0442\u0430\u0441\u0430\u0439\u043d\u0442\u0438\u0441\u0442\u0430\u043c\u0438, \u0418\u0418-\u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c\u0438, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c\u0438. \u0412 \u0446\u0435\u043b\u043e\u043c, \u044d\u0442\u043e \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0439 \u043f\u0440\u043e\u0435\u043a\u0442, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 20 000 \u0437\u0432\u0435\u0437\u0434 \u043d\u0430 GitHub \u0438 1000 \u0444\u043e\u0440\u043a\u043e\u0432.\n\nCVE-2026-39987 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u0442\u0435\u043c, \u0447\u0442\u043e \u043a\u043e\u043d\u0435\u0447\u043d\u0430\u044f \u0442\u043e\u0447\u043a\u0430 WebSocket /terminal/ws \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0442\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u043e\u043c\u0443 \u0442\u0435\u0440\u043c\u0438\u043d\u0430\u043b\u0443 \u0431\u0435\u0437 \u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0435\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u0441 \u043b\u044e\u0431\u043e\u0433\u043e \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430.\n\n\u042d\u0442\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u044f\u043c\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u043b\u043d\u043e\u0446\u0435\u043d\u043d\u043e\u0439 \u0438\u043d\u0442\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0435, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0435\u0439 \u0441 \u0442\u0435\u043c\u0438 \u0436\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438, \u0447\u0442\u043e \u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 Marimo.\n\nMarimo \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 8 \u0430\u043f\u0440\u0435\u043b\u044f \u0438 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0432\u0435\u0440\u0441\u0438\u044e 0.23.0 \u0434\u043b\u044f \u0435\u0451 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f.\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u043b\u0438 Marimo \u043a\u0430\u043a \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0431\u043b\u043e\u043a\u043d\u043e\u0442, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0442\u0435\u0445, \u043a\u0442\u043e \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a Marimo \u0447\u0435\u0440\u0435\u0437 \u043e\u0431\u0449\u0443\u044e \u0441\u0435\u0442\u044c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 --host 0.0.0.0 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Sysdig, \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043f\u0435\u0440\u0432\u044b\u0445 12 \u0447\u0430\u0441\u043e\u0432 \u043f\u043e\u0441\u043b\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0437\u0430\u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0442\u044c 125 IP, \u0441 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442\u0441\u044f  \u0440\u0430\u0437\u0432\u0435\u0434\u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c.\n\n\u041c\u0435\u043d\u0435\u0435 \u0447\u0435\u043c \u0447\u0435\u0440\u0435\u0437 10 \u0447\u0430\u0441\u043e\u0432 \u043f\u043e\u0441\u043b\u0435 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u043e\u0432 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u0447\u0435\u043d\u044b\u0435 \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043f\u0435\u0440\u0432\u0443\u044e \u043f\u043e\u043f\u044b\u0442\u043a\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u043f\u043e \u043a\u0440\u0430\u0436\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u043b \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0432\u0448\u0438\u0441\u044c \u043a \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435 /terminal/ws \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0432 \u043a\u043e\u0440\u043e\u0442\u043a\u0443\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432 \u0434\u043b\u044f \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u043b\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0435\u043a\u0443\u043d\u0434.\n\n\u0412\u0441\u043a\u043e\u0440\u0435 \u043f\u043e\u0441\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0438 \u043d\u0430\u0447\u0430\u043b\u0438 \u0440\u0443\u0447\u043d\u0443\u044e \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0443, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044f \u0431\u0430\u0437\u043e\u0432\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a pwd, whoami \u0438 ls, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043d\u044f\u0442\u044c \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u0435, \u0430 \u0437\u0430\u0442\u0435\u043c \u043f\u044b\u0442\u0430\u043b\u0438\u0441\u044c \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0430\u0442\u044c\u0441\u044f \u043f\u043e \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430\u043c \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u043b\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 SSH.\n\n\u0414\u0430\u043b\u0435\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0438\u043b\u0441\u044f \u043d\u0430 \u0441\u0431\u043e\u0440\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u0441\u0440\u0430\u0437\u0443 \u0436\u0435 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0432 .env \u0434\u043b\u044f \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u044b, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0438\u0441\u0430 \u0438 \u0441\u0435\u043a\u0440\u0435\u0442\u043d\u044b\u0435 \u043a\u043b\u044e\u0447\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439. \u0417\u0430\u0442\u0435\u043c \u043e\u043d \u043f\u043e\u043f\u044b\u0442\u0430\u043b\u0441\u044f \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0440\u0430\u0431\u043e\u0447\u0435\u043c \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435 \u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u043b \u043f\u043e\u0438\u0441\u043a SSH-\u043a\u043b\u044e\u0447\u0435\u0439.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043e\u0442\u0447\u0435\u0442\u0443 Sysdig, \u0432\u0435\u0441\u044c \u044d\u0442\u0430\u043f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0447\u0435\u0442\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0431\u044b\u043b \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d \u043c\u0435\u043d\u0435\u0435 \u0447\u0435\u043c \u0437\u0430 \u0442\u0440\u0438 \u043c\u0438\u043d\u0443\u0442\u044b. \u041f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0447\u0435\u0440\u0435\u0437 \u0447\u0430\u0441 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0432\u0435\u0440\u043d\u0443\u043b\u0441\u044f \u0434\u043b\u044f \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u043e\u0439 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0442\u0443 \u0436\u0435 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e \u0437\u0430 \u0430\u0442\u0430\u043a\u043e\u0439, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u0441\u0442\u043e\u0438\u0442 \u00ab\u043c\u0435\u0442\u043e\u0434\u0438\u0447\u043d\u044b\u0439 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u00bb, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0439 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043f\u043e\u0434\u0445\u043e\u0434, \u0430 \u043d\u0435 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u044b, \u0438 \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0435\u043d\u043d\u044b\u0439 \u043d\u0430 \u0442\u0430\u043a\u0438\u0445 \u0432\u0430\u0436\u043d\u044b\u0445 \u0446\u0435\u043b\u044f\u0445, \u043a\u0430\u043a \u043a\u0440\u0430\u0436\u0430 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 .env \u0438 \u043a\u043b\u044e\u0447\u0435\u0439 SSH.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0435 \u043f\u044b\u0442\u0430\u043b\u0438\u0441\u044c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u043a\u0440\u0438\u043f\u0442\u043e\u043c\u0430\u0439\u043d\u0435\u0440\u044b \u0438\u043b\u0438 \u0431\u044d\u043a\u0434\u043e\u0440\u044b, \u0447\u0442\u043e \u0433\u043e\u0432\u043e\u0440\u0438\u0442 \u043e \u0431\u044b\u0441\u0442\u0440\u043e\u0439 \u0438 \u0441\u043a\u0440\u044b\u0442\u043d\u043e\u0439 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Marimo \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 0.23.0, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f WebSocket \u0441 /terminal/ws, \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0432\u043d\u0435\u0448\u043d\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 \u0438 \u0440\u043e\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0441\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044b\u0435 \u0441\u0435\u043a\u0440\u0435\u0442\u044b.", "creation_timestamp": "2026-04-13T11:59:36.000000Z"}, {"uuid": "76654ae4-9197-4ec7-9efb-7ae0d18e6a2a", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-39987", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/030c6599-9b67-4757-b86c-13364df1fb4e", "content": "", "creation_timestamp": "2026-04-23T18:00:03.144663Z"}, {"uuid": "b8b15bcd-48e6-4512-aea6-679396b0b01d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/6325871", "content": "", "creation_timestamp": "2026-04-23T18:33:55.910340Z"}, {"uuid": "c8f02d21-0ed7-466a-84b9-fe07bfd46335", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3mk6sifuz6a2h", "content": "", "creation_timestamp": "2026-04-23T20:01:22.500490Z"}, {"uuid": "710dc11e-b2d6-4390-af67-89fa40327df1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mk7o6tcynj2p", "content": "", "creation_timestamp": "2026-04-24T04:17:05.839320Z"}, {"uuid": "62cbbcd0-d8ae-4a3e-8aa1-6c8ff1d17191", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "exploited", "source": "https://t.me/cibsecurity/88998", "content": "\ud83d\udd8b\ufe0f Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure \ud83d\udd8b\ufe0f\n\nA critical security vulnerability\u00a0in Marimo, an opensource Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according\u00a0to findings from\u00a0Sysdig. The vulnerability in question\u00a0is CVE202639987 CVSS score 9.3, a preauthenticated remote code execution vulnerability impacting all versions of Marimo prior to and including.\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"The Hacker News\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2026-04-10T15:15:48.000000Z"}, {"uuid": "d24645fc-4c25-4737-9fed-de85ec3092bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "exploited", "source": "https://t.me/cibsecurity/88990", "content": "\ud83d\udd8b\ufe0f Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure \ud83d\udd8b\ufe0f\n\nA critical security vulnerability\u00a0in Marimo, an opensource Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according\u00a0to findings from\u00a0Sysdig. The vulnerability in question\u00a0is CVE202639987 CVSS score 9.3, a preauthenticated remote code execution vulnerability impacting all versions of Marimo prior to and including.\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"The Hacker News\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2026-04-10T15:15:26.000000Z"}, {"uuid": "901fb7f6-203e-4121-b6cc-5453ac7c116a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "exploited", "source": "https://t.me/thehackernews/8778", "content": "\u26a0\ufe0f Marimo CVE-2026-39987 gave attackers a full shell with no authentication.\n\nA missing check in /terminal/ws allowed remote code execution on exposed systems. Exploitation began within 9 hours of disclosure\u2014no PoC needed.\n\n\ud83d\udd17 Details here \u2192 https://thehackernews.com/2026/04/marimo-rce-flaw-cve-2026-39987.html", "creation_timestamp": "2026-04-10T10:40:16.000000Z"}, {"uuid": "4e4eb86b-ca83-4461-9d19-c81afa2675c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "exploited", "source": "https://t.me/ctinow/248642", "content": "CVE-2026-39987: Marimo RCE exploited in hours after disclosure\nhttps://ift.tt/4jQKviN", "creation_timestamp": "2026-04-11T09:54:21.000000Z"}, {"uuid": "0acd3f03-8536-496d-8d4f-f4aec0cdf2c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "exploited", "source": "https://t.me/ctinow/248640", "content": "Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure\nhttps://ift.tt/S5dmcDa", "creation_timestamp": "2026-04-11T06:04:30.000000Z"}, {"uuid": "7d7c4e43-a160-49ba-ae3a-0af4e3ed65e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "exploited", "source": "https://t.me/TengkorakCyberCrewzz/9629", "content": "Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure \u2013 thehackernews.com\n\nFri, 10 Apr 2026 15:37:00", "creation_timestamp": "2026-04-11T04:03:13.000000Z"}, {"uuid": "d9e6b68f-f36a-4573-9a14-1018b3e7bcd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "published-proof-of-concept", "source": "Telegram/Jeul2EvprL3_hH1xvWkayHz4l2vevKD0W-_dzxiA_dwei0o", "content": "", "creation_timestamp": "2026-04-13T19:00:13.000000Z"}, {"uuid": "8fbba0c8-ad91-4e92-bb2c-2be6e3306f4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mkbgeoy6zw2g", "content": "", "creation_timestamp": "2026-04-24T21:02:39.943524Z"}, {"uuid": "f942a910-3ca2-4b02-9296-57c2f0fbbecd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "Telegram/Y2UpQC9zCL6PqNfAxsSoQJ7YUumR5oW0JI3RILB7SgtOVH4", "content": "", "creation_timestamp": "2026-04-09T19:23:14.000000Z"}, {"uuid": "ea2380fd-dc11-4744-a186-79533553e87e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/solomonneas.dev/post/3mkkk3by56p2k", "content": "", "creation_timestamp": "2026-04-28T12:02:49.289033Z"}, {"uuid": "fa4255f7-29e7-410d-819a-c8605f28b2aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "published-proof-of-concept", "source": "Telegram/nbHcaeDNI4B0FTn-7eArxrArCHluMti4gPmSsvmEVLUktVg", "content": "", "creation_timestamp": "2026-04-14T03:00:10.000000Z"}, {"uuid": "6da6c7f2-1a00-47b4-8112-e638917323c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "published-proof-of-concept", "source": "Telegram/jqsHB6FIdeMNMlYJLaE-SWbBIQ7X4SKPFQvaPULFC7d8_bM", "content": "", "creation_timestamp": "2026-04-14T15:00:07.000000Z"}, {"uuid": "20a9fbec-3a08-47f9-bc2a-2d514cc29406", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "exploited", "source": "Telegram/42vnnuN2H09Y8bowfU5L4vP0cA5-_XeLOUULsX7cOScNO7jc", "content": "", "creation_timestamp": "2026-04-11T10:05:05.000000Z"}, {"uuid": "15622cb9-b0a0-4d92-bf8d-fc5bb8137f31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mkj3najads23", "content": "", "creation_timestamp": "2026-04-27T22:11:46.199524Z"}, {"uuid": "2d5e3ccd-e878-49b6-8ac6-c51bcaa7821f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "published-proof-of-concept", "source": "Telegram/kld9yLBbS6fzFNytGTSDXwsTRi8Qoep-LDw8M-oA9J472Qs", "content": "", "creation_timestamp": "2026-04-26T03:00:05.000000Z"}, {"uuid": "e02dd76f-89a1-489e-a3f2-ae1a6c23f126", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "published-proof-of-concept", "source": "Telegram/56SNjB68nyULYTdkaeIILQI4ytkQLoACBGmTDoXIf258Id4", "content": "", "creation_timestamp": "2026-04-18T11:00:12.000000Z"}, {"uuid": "849ddad7-716d-4626-9bdf-52aa93e816f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "published-proof-of-concept", "source": "Telegram/qEqQyvlGNEhSwKVNxnh63UUFIX9U3tMkX70uQezLxi6YNVI", "content": "", "creation_timestamp": "2026-04-15T11:00:10.000000Z"}, {"uuid": "29fe0202-15cc-4720-8615-9da1068c804b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://t.me/GithubRedTeam/82751", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-39987\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a rootdirective-sec\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-04 10:58:07\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-04T11:00:04.000000Z"}]}