Vulnerability Advisory
CVE-2026-5752
CVE-2026-5752 is a CVSS 9.3 sandbox escape vulnerability in Cohere AI's Terrarium Python sandbox that allows root code execution and Docker container escape via JavaScript prototype chain traversal. The project is abandoned and will never be patched — immediate mitigation required.
Severity
critical
CVSS Score
9.1 / 10
Fix Status
Patch available
Published
Apr 22, 2026
Affected Products
- ›Cohere AI Terrarium — all versions (no patch available, project abandoned) Any system using Terrarium to execute user-submitted or LLM-generated Python code
Key Facts
- ›CVE-2026-5752 is a CVSS 9.3 critical sandbox escape vulnerability in Terrarium, an open-source Python sandbox developed by Cohere AI and used to run untrusted user-submitted or LLM-generated code inside a Docker container — allowing an attacker to break out of the sandbox and execute arbitrary system commands as root.
- ›The flaw exploits JavaScript prototype chain traversal in the Pyodide WebAssembly environment that Terrarium runs on, enabling sandboxed code to access and manipulate the host Node.js process — bypassing all intended security isolation boundaries without requiring any user interaction or special privileges.
- ›Beyond root code execution inside the container, successful exploitation can expose sensitive files like /etc/passwd, reach other services on the container's network, and potentially allow full container escape — giving an attacker access to the underlying host system or adjacent containers.
- ›The Terrarium project is no longer actively maintained by Cohere AI — meaning this critical vulnerability will never receive a patch. Any deployment of Terrarium must be immediately disabled or isolated, as no fix is forthcoming from the vendor.
Full Analysis
CVE-2026-5752: Cohere AI Terrarium Sandbox Flaw Allows Root Code Execution and Container Escape — No Patch Coming
Deep-dive: technical breakdown, real-world impact, complete remediation steps, and expert context.
Read the full report →