Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
https://thehackernews.com/2026/04/cohere-ai-terrarium-sandbox-flaw.html
Publish Date: 2026-04-22 03:16:00
Source Domain: thehackernews.com
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system.
“Sandbox escape vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal,” according to a description of the flaw in CVE.org.
Developed by Cohere AI as an open-source project, Terrarium is a Python sandbox that’s used as a Docker-deployed container for running untrusted code written by users or generated with assistance from a large language model (LLM).
Notably, Terrarium runs on Pyodide, a Python distribution for the browser and Node.js, enabling it to support standard Python packages. The project has been forked 56 times and starred 312 times.
According to the CERT Coordination Center (CERT/CC), the root cause relates to a JavaScript prototype chain traversal in the Pyodide WebAssembly environment that enables code execution with elevated privileges on the host Node.js process.
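The general class of problem described here, as an added defensive check: it is not code from Terrarium, Pyodide or the CERT/CC advisory, and it does not reproduce the CVE-2026-5752 exploit path, which this article does not detail. It audits whether an object a Node.js host hands to guest code lets that code walk the prototype chain to the host's `Function` constructor; the function names and sample objects are hypothetical.

```javascript
// True if walking obj's prototype chain reaches the host realm's Function
// constructor through a "constructor" property at any level.
function reachesHostFunction(obj) {
  const seen = new Set();
  let cur = obj;
  while (cur !== null && cur !== undefined && !seen.has(cur)) {
    seen.add(cur);
    // Read the descriptor so that no getter is invoked during the audit.
    const desc = Object.getOwnPropertyDescriptor(cur, 'constructor');
    const ctor = desc && desc.value;
    if (ctor === Function) return true;
    if (typeof ctor === 'function' && ctor.constructor === Function) return true;
    cur = Object.getPrototypeOf(cur);
  }
  return false;
}

// Audit the object and, recursively, every own data property: a
// null-prototype wrapper that holds an ordinary function still leaks.
function findLeaks(root, path = 'root', seen = new Set(), out = []) {
  const isRef = (typeof root === 'object' && root !== null) || typeof root === 'function';
  if (!isRef || seen.has(root)) return out;
  seen.add(root);
  if (reachesHostFunction(root)) out.push(path);
  for (const key of Reflect.ownKeys(root)) {
    const d = Object.getOwnPropertyDescriptor(root, key);
    if (d && 'value' in d) findLeaks(d.value, `${path}.${String(key)}`, seen, out);
  }
  return out;
}

// Constructed sample objects standing in for what a host might expose.
const ordinary = { limit: 5, log: (m) => String(m) };
const halfHardened = Object.assign(Object.create(null), { log: (m) => String(m) });
const hardened = Object.freeze(Object.assign(Object.create(null), { limit: 5 }));

function auditSamples() {
  return {
    ordinary: findLeaks(ordinary),         // plain literal and its method both leak
    halfHardened: findLeaks(halfHardened), // wrapper is clean, the function is not
    hardened: findLeaks(hardened),         // null prototype, data only: nothing reachable
  };
}

console.log(auditSamples());
```

An empty result only means this particular path is closed for the audited object; it says nothing about other routes out of a sandbox.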
Successful exploitation of the vulnerability can allow an attacker to break out of the confines of the sandbox and execute arbitrary system commands as root within the container.
In addition, it can give an attacker unauthorized access to sensitive files, such as “/etc/passwd,” let them reach other services on the container’s network, and possibly even let them escape the container and escalate privileges further.
It bears noting that the attack requires local access to the system but does not require any user interaction or special privileges to exploit.
Security researcher Jeremy Brown has been credited with discovering and reporting the flaw. Given that the project is no longer actively maintained, the vulnerability is unlikely to be patched.
As mitigations, CERT/CC is advising users to take the following steps:
- Disable features…