CVE-2026-39987 is a pre-authentication RCE vulnerability (CVSS 9.8, CWE-306, CWE-94) in Marimo, an open-source reactive Python notebook, exploited in the wild within approximately 10 hours of public disclosure. No authentication or user interaction is required; any internet-exposed Marimo instance is at immediate risk of full system compromise. Specific affected version ranges have not been confirmed from primary NVD or OSV sources at time of writing; organizations should take all internet-exposed Marimo instances offline immediately, check the official Marimo release page and NVD for confirmed remediation version, and audit host systems for post-exploitation persistence mechanisms including unauthorized cron entries, new user accounts, and dropped files.