Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
Summary
Terrarium, a Python sandbox developed by Cohere AI for running untrusted code in containers, has a critical vulnerability (CVE-2026-5752, CVSS 9.3) that allows attackers to execute arbitrary code with root privileges through JavaScript prototype chain traversal (a technique where attackers manipulate how JavaScript looks up object properties to access restricted functionality). Since the project is no longer maintained, a patch is unlikely, but CERT/CC recommends several defensive measures.
Solution / Mitigation
CERT/CC advises the following mitigations: Disable features that allow users to submit code to the sandbox, if possible. Segment the network to limit the attack surface and prevent lateral movement. Deploy a Web Application Firewall to detect and block suspicious traffic, including attempts to exploit the vulnerability. Monitor container activity for signs of suspicious behavior. Limit access to the container and its resources to authorized personnel only. Use a secure container orchestration tool to manage and secure containers. Ensure that dependencies are up-to-date and patched.
Classification
Affected Vendors
Related Issues
Original source: https://thehackernews.com/2026/04/cohere-ai-terrarium-sandbox-flaw.html
First tracked: April 22, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 95%