Home

Description

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.

PUBLISHED Reserved 2026-04-07 | Published 2026-04-14 | Updated 2026-04-23 | Assigner certcc

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

CWE-400 Uncontrolled Resource Consumption

CWE-284 Improper Access Control

Product status

1.0.1
affected

References

www.kb.cert.org/vuls/id/414811

kb.cert.org/vuls/id/414811

github.com/cohere-ai/cohere-terrarium

cve.org (CVE-2026-5752)

nvd.nist.gov (CVE-2026-5752)

Download JSON