CISA has added CVE-2026-39987, a Remote Code Execution (RCE) vulnerability in Marimo, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Organizations are strongly urged to prioritize timely remediation to reduce their exposure to cyberattacks.