Marimo CVE-2026-39987 RCE chains into LLM-driven post-exploit
Sysdig documents an LLM agent driving post-exploitation after a CVE-2026-39987 Marimo notebook compromise: cloud creds and SSH key pulled in under three minutes.
Stories tagged: #rce
CISA flags Langflow CVE-2025-34291: CORS chain yields RCE
CISA added CVE-2025-34291 to the KEV catalog on May 21. An overly permissive CORS plus a misconfigured refresh-token cookie chain to account takeover and code execution in Langflow ≤ 1.6.9.
LiteSpeed cPanel plugin RCE (CVE-2026-48172, CVSS 10.0) actively exploited — any cPanel user can run code as root
A privilege-escalation flaw in the LiteSpeed User-End cPanel plugin lets any cPanel account execute arbitrary scripts as root. Mass scanning began within 72 hours of disclosure.