CVE-2026-39987 is a critical pre-authorization remote code execution vulnerability in Marimo that lets unauthenticated threat actors obtain shell access and execute arbitrary system commands on affected instances. The vulnerability bypasses authentication entirely, so an attacker needs no credentials to compromise the system. Exploitation requires network access to an affected Marimo deployment and no additional user interaction. Immediate patching is advised for all Marimo installations exposed to untrusted networks.