Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
ACSC Warns of Large-Scale CMS Exploitation Campaign Deploys Webshells on Vulnerable Websites
July 9, 2026
GodDamn Ransomware Rebrands From Beast and Uses PoisonX Driver to Disable Defenses
July 9, 2026
RedHook Android RAT Abuses ADB Wireless Debugging to Gain Shell-Level Access
July 9, 2026
Home/Threats/Critical Hugging Face Vulnerability CVE-2026-39987 Lets Attackers Spread Backdoors
Threats

Critical Hugging Face Vulnerability CVE-2026-39987 Lets Attackers Spread Backdoors

Key Takeaways A critical remote code execution (RCE) vulnerability, CVE-2026-39987, in the marimo framework has been actively exploited. Attackers are leveraging this flaw to deploy a new variant of...

Marcus Rodriguez
Marcus Rodriguez
April 17, 2026 3 Min Read
47 0

Key Takeaways

  • A critical remote code execution (RCE) vulnerability, CVE-2026-39987, in the marimo framework has been actively exploited.
  • Attackers are leveraging this flaw to deploy a new variant of the NKAbuse malware, dubbed “kagent,” via a malicious Hugging Face Space.
  • The vulnerability allows unauthenticated RCE and has a CVSS score of 9.8 (Critical), enabling attackers to compromise AI developer workstations and exfiltrate sensitive cloud credentials.
  • The Sysdig TRT identified rapid weaponization and a multi-actor campaign targeting exposed marimo instances, with a patch available in marimo version 0.23.0.

Critical Hugging Face Vulnerability Poses Backdoor Threat to AI Workstations

A severe unauthenticated remote code execution (RCE) vulnerability, identified as CVE-2026-39987, impacting the marimo framework, is being actively exploited by threat actors to distribute a new variant of the NKAbuse malware. This critical flaw, with a CVSS score of 9.8, enables attackers to execute arbitrary code without authentication, making it a highly dangerous entry point for compromising AI developer environments.

Table Of Content

  • Key Takeaways
  • Critical Hugging Face Vulnerability Poses Backdoor Threat to AI Workstations
  • Rapid Exploitation and Multi-Actor Campaign
  • Deployment of NKAbuse Variant via Hugging Face
  • Broader Impact and Persistence
  • NKAbuse Variant and Persistence Tactics

Rapid Exploitation and Multi-Actor Campaign

The vulnerability, detailed in GitHub advisory GHSA-2679-6mx9-h9xc, was publicly disclosed on April 8, 2026. Within a mere 9 hours and 41 minutes, evidence of active exploitation emerged. From April 11 to April 14, 2026, researchers observed a concentrated attack campaign, with threat actors originating from 11 distinct IP addresses across 10 countries initiating 662 exploit attempts against vulnerable marimo instances. This rapid escalation from initial scanning to a full-blown, multi-actor assault underscores the critical nature of the vulnerability and the swiftness with which adversaries weaponize newly disclosed flaws, particularly those targeting AI developer infrastructure.

Deployment of NKAbuse Variant via Hugging Face

Researchers at the Sysdig TRT meticulously tracked these attacks, documenting four primary post-exploitation tactics: credential harvesting, attempts to establish reverse shells, DNS-based data exfiltration, and the deployment of a previously unseen variant of the NKAbuse malware. The speed of these operations confirmed that multiple, independent threat actors were simultaneously targeting the vulnerability shortly after its public release.

A particularly alarming discovery was the use of a typosquatted Hugging Face Space, named “vsccode-modetx,” to deliver a new Go-based backdoor called “kagent.” This malicious Space was designed to impersonate a legitimate VS Code tool, exploiting the trust associated with the Hugging Face platform. Attackers executed a simple curl command against a vulnerable marimo endpoint, which then downloaded and executed a shell dropper. This dropper, in turn, retrieved the kagent binary onto the victim’s system. Critically, the Hugging Face domain hosting the malicious payload showed no adverse reputation across 16 different security sources at the time of the attack, allowing the malware to bypass conventional security defenses undetected.

Broader Impact and Persistence

The compromise extended beyond individual marimo notebooks. Attackers rapidly leveraged initial access to pivot to connected PostgreSQL databases and Redis instances, extracting sensitive credentials from environment variables. In one observed incident, an operator exfiltrated AWS access keys, database connection strings, and OpenAI API tokens, illustrating how a single exploited marimo instance could serve as a gateway to wider cloud infrastructure compromise.

NKAbuse Variant and Persistence Tactics

The “kagent” binary is a stripped, UP

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitMalwareSecurityThreatVulnerability

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

Anthropic Claude Opus 4.7 Enhances Cybersecurity with Real-Time Safeguards

Next Post

Beware Fake Ledger Wallets on Chinese Marketplaces Stealing Crypto Seeds and PINs

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Roundcube 0-Click Vulnerability Lets Attackers Inject Stored XSS
July 9, 2026
Critical Microsoft Entra ID Flaw Lets Attackers Hijack Accounts
July 9, 2026
Critical Linux Kernel Flaw Allows Root Access via DRM Render Nodes
July 9, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us