Marimo notebook pre-auth RCE (Sysdig LLM-agent intrusion)

cve · CVE-2026-39987

Coverage timeline

first 2026-05-30 → last 2026-05-30

Briefs

1 distinct

Sources cited

2 hosts

Sections touched

research

Co-occurring entities

no co-occurrence

Story timeline

2026-05-30CTI Daily Brief — 2026-05-30
researchSysdig; exploited in LLM-agent-driven intrusion; patched in 0.23.0

Where this entity is cited

research1

Source distribution

sysdig.com1 (50%)
thehackernews.com1 (50%)

External references

NVD · cve.org · CISA KEV

All cited sources (2)

sysdig.comprimaryinlineSysdig TRT, 2026-05-26https://www.sysdig.com/blog/ai-agent-at-the-wheel-how-an-attacker-used-llms-to-move-from-a-cve-to-an-internal-database-in-4-pivots
cited in 2026-05-30
thehackernews.cominlineThe Hacker News, 2026-05-29https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html
cited in 2026-05-30

Items in briefs about Marimo notebook pre-auth RCE (Sysdig LLM-agent intrusion)

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.