{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/414811#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nTerrarium is a sandbox-based code execution platform that enables users to run and execute code in a controlled environment, providing a secure way to test and validate code. However, a vulnerability has been discovered in Terrarium that allows arbitrary code execution with root privileges on the host `Node.js` process. This vulnerability is caused by a JavaScript prototype chain traversal in the Pyodide WebAssembly environment.\r\n\r\n### Description\r\nThe root cause of the vulnerability lies in the configuration of `jsglobals` objects in `service.ts`. Specifically, the mock document object is created using a standard JavaScript object literal, which inherits properties from `Object.prototype`. This inheritance chain allows sandbox code to traverse up to the function constructor, create a function that returns `globalThis`, and from there access `Node.js` internals, including `require()`. 
As a result, an attacker can escape the sandbox and execute arbitrary system commands as root within the container.\r\n\r\n**CVE-2026-5752**\r\nSandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.\r\n\r\n### Impact\r\nApplications that use Terrarium for sandboxed code execution may be compromised, allowing an attacker to:\r\n\r\n* Execute arbitrary commands as root inside the container\r\n* Access and modify sensitive files, including `/etc/passwd` and environment variables\r\n* Reach other services on the container's network, including databases and internal APIs\r\n* Potentially escape the container and escalate privileges further\r\n\r\n### Mitigation\r\nThe vendor has published a patch as v1.0.1 of cohere-terrarium and this version has been identified as the final release. If you are unable to patch your implementation, several mitigation strategies can be employed to reduce the risk of exploitation. 
Users should consider implementing the following measures if upgrading is not an option:\r\n\r\n* **Disable unnecessary features**: Disable any features that allow users to submit code to the sandbox, if possible.\r\n* **Implement network segmentation**: Segment the network to limit the attack surface and prevent lateral movement.\r\n* **Use a Web Application Firewall (WAF)**: Deploy a WAF to detect and block suspicious traffic, including attempts to exploit the vulnerability.\r\n* **Monitor container activity**: Regularly monitor container activity for signs of suspicious behavior.\r\n* **Implement access controls**: Limit access to the container and its resources to authorized personnel only.\r\n* **Use a secure container orchestration tool:** Utilize a secure container orchestration tool to manage and secure containers.\r\n* **Regularly update and patch dependencies**: Ensure that dependencies are up-to-date and patched.\r\n\r\n### Acknowledgments\r\nThe vulnerability was discovered by Jeremy Brown, who used AI-assisted vulnerability research to identify the issue. This document was written by Timur Snoke with assistance from AI.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"},{"category":"other","text":"cohere-terrarium has been archived. 
v1.0.1 is the final release and the README will carry an end-of-life banner pointing users to either upgrade to 1.0.1 or migrate off the project. There will be no further patches.","title":"CERT/CC comment on Cohere notes"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/414811"},{"url":"https://github.com/cohere-ai/cohere-terrarium","summary":"https://github.com/cohere-ai/cohere-terrarium"},{"url":"https://github.com/cohere-ai/cohere-terrarium/releases/tag/v1.0.1","summary":"https://github.com/cohere-ai/cohere-terrarium/releases/tag/v1.0.1"},{"url":"https://github.com/cohere-ai/cohere-terrarium/releases/tag/v1.0.1","summary":"Reference(s) from vendor \"Cohere\""}],"title":"Terrarium contains a vulnerability that allows arbitrary code execution","tracking":{"current_release_date":"2026-04-23T12:25:08+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.36"}},"id":"VU#414811","initial_release_date":"2026-04-21 13:37:30.145007+00:00","revision_history":[{"date":"2026-04-23T12:25:08+00:00","number":"1.20260423122508.2","summary":"Released on 2026-04-23T12:25:08+00:00"}],"status":"final","version":"1.20260423122508.2"}},"vulnerabilities":[{"title":"Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.","notes":[{"category":"summary","text":"Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal."}],"cve":"CVE-2026-5752","ids":[{"system_name":"CERT/CC V Identifier","text":"VU#414811"}]}],"product_tree":{"branches":[]}}