AI description
CVE-2026-5752 describes a sandbox escape vulnerability found in Terrarium, an open-source Python sandbox developed by Cohere AI. This flaw allows for arbitrary code execution with root privileges on the host process. The vulnerability is exploited through JavaScript prototype chain traversal, enabling an attacker to bypass the sandbox's boundaries. Successful exploitation of CVE-2026-5752 requires local access to the system but does not necessitate user interaction or special privileges. Attackers can leverage this vulnerability to break out of the sandboxed environment and execute malicious code with elevated privileges on the underlying host system. The project is reportedly no longer actively maintained, suggesting that a patch for this vulnerability is unlikely.
- Description: Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.
- Source: cret@cert.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.3
- Impact score: 6
- Exploitability score: 2.5
- Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- Hype score: Not currently trending
Cohere Terrarium (CVE-2026-5752) and OpenAI Codex CLI (CVE-2025-59532): a cross-CVE analysis of AI code sandbox escapes https://t.co/IsguXmPWs1
@Dinosn
25 Apr 2026
Cohere Terrarium (CVE-2026-5752) and OpenAI Codex CLI (CVE-2025-59532): a cross-CVE analysis of AI code sandbox escapes https://t.co/shzcJdqxQK
@_r_netsec
24 Apr 2026