Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752 , is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium allows arbitrary code...

CVE-2026-5752

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal...

Terrarium contains a vulnerability that allows arbitrary code execution

Overview Terrarium is a sandbox-based code execution platform that enables users to run and execute code in a controlled environment, providing a secure way to test and validate code. However, a vulnerability has been discovered in Terrarium that allows arbitrary code execution with root privileg...

EUVD-2026-22676

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal...

CVE-2026-5752

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal...

CVE-2026-5752 CVE-2026-5752

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal...

CVE-2026-5752

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal...

CVE-2026-5752 CVE-2026-5752

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal...

CVE-2026-5752

CVE-2026-5752 affects the Terrarium sandbox (Python-based, Pyodide/WebAssembly) used inside a container. The root cause is JavaScript prototype chain traversal that lets sandboxed code reach host environment, enabling arbitrary code execution as root within the container and potential access to s...

PT-2026-32894

Name of the Vulnerable Software and Affected Versions Terrarium affected versions not specified Description A sandbox escape allows arbitrary code execution with root privileges on a host process. This is achieved through JavaScript prototype chain traversal, which enables a full container escape...

Terrarium 安全漏洞

Terrarium is an open-source sandbox environment developed by Cohere, designed for executing untrusted Python code. Terrarium has a security vulnerability that stems from JavaScript prototype chain traversal, which may allow arbitrary code to be executed with root privileges in the host process...