Critical Remote Code Execution in Cohere AI Terrarium Sandbox (CVE‑2026‑5752) Enables Root Code Execution & Container Escape
What It Is – A critical flaw in Cohere AI’s Python‑based sandbox, Terrarium, permits an attacker to traverse the JavaScript prototype chain and break out of the container, executing arbitrary commands with root privileges on the host.
Exploitability – The vulnerability is publicly disclosed (CVE‑2026‑5752) with a CVSS score of 9.3 (critical). Proof‑of‑concept code has been released, and researchers have demonstrated a successful container escape in a lab environment; no widespread in‑the‑wild exploitation has been reported yet.
Affected Products – Cohere AI’s Terrarium sandbox library (used in the Cohere AI API and any third‑party services that embed the library for LLM prompt isolation).
TPRM Impact – Organizations that integrate Cohere AI’s language‑model APIs, or that host workloads relying on Terrarium, are exposed to a potential supply‑chain compromise: a malicious payload could gain root access to shared infrastructure, leading to data exfiltration, lateral movement, or service disruption across tenant boundaries.
Recommended Actions –
- Immediately inventory all applications and services that import or depend on the Terrarium library.
- Upgrade to the patched version released by Cohere AI (or apply the vendor‑provided mitigation) within 48 hours.
- Conduct a rapid code review of any custom sandboxing logic that may still rely on the vulnerable component.
- Deploy host‑level runtime protections (e.g., SELinux/AppArmor, seccomp profiles) to limit root escalation even if escape occurs.
- Update third‑party risk registers to reflect the new CVE and reassess the risk rating for Cohere AI as a critical‑risk API provider.
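The first two actions (inventory every dependency on Terrarium, then confirm each one is at or above the fixed version) can be done in a single pass over dependency manifests. The script below is an added example written for this advisory, not code from Cohere AI or The Hacker News. It assumes the dependency is identifiable by the substring "terrarium" in its package name (the advisory gives no package name), and PATCHED_VERSION is a placeholder because the advisory does not state the fixed version; the sample manifests and the package name "@cohere-ai/terrarium" in them are constructed for the demonstration.

```python
"""Inventory Terrarium dependencies across a source tree and flag unpatched pins.

Added example for the CVE-2026-5752 advisory; not Cohere AI's code.
Reads Python requirements.txt and Node package.json files, reports each
dependency whose name contains "terrarium" with its pinned version, and
marks it vulnerable when the pin is missing or older than the fixed release.
"""
import json
import re
from pathlib import Path

# Placeholder: the advisory does not state the fixed version. Replace with the
# number from Cohere AI's release notes; until then every hit is reported.
PATCHED_VERSION = "0.0.0-PLACEHOLDER"

# Assumption: the package name contains "terrarium" (advisory names no package).
DEP_NAME_PATTERN = re.compile(r"terrarium", re.IGNORECASE)

# requirements.txt lines look like "name==1.2.3", "name>=1.2" or just "name".
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;#]+)?")

# Constructed sample manifests used by demo(); not taken from any real project.
SAMPLE_REQUIREMENTS = "cohere\nterrarium==0.1.0\n# pinned above\nrequests>=2.0\n"
SAMPLE_PACKAGE_JSON = json.dumps({
    "dependencies": {"@cohere-ai/terrarium": "1.4.2", "left-pad": "^1.0.0"},
    "devDependencies": {"terrarium-dev-tools": "^0.3.0"},
})


def parse_version(text):
    """Turn '1.2.3' into (1, 2, 3); range prefixes are stripped, non-digits count as 0."""
    return tuple(int(p) if p.isdigit() else 0
                 for p in re.split(r"[.\-]", text.lstrip("^~=<>!v")))


def is_vulnerable(pinned, patched):
    """True when the pin is absent, the fix version is unknown, or the pin is older."""
    if pinned is None:
        return True          # floating range: cannot prove it resolves to the fix
    if "PLACEHOLDER" in patched:
        return True          # fix version not yet filled in: treat as unpatched
    return parse_version(pinned) < parse_version(patched)


def scan_requirements(text):
    """Yield (name, exact_version_or_None) for matching requirements.txt lines."""
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = REQ_LINE.match(line)
        if m and DEP_NAME_PATTERN.search(m.group(1)):
            # Only an exact "==" pin is a known version; ranges are reported as None.
            yield m.group(1), (m.group(3) if m.group(2) == "==" else None)


def scan_package_json(text):
    """Yield (name, exact_version_or_None) for matching npm dependencies."""
    data = json.loads(text)
    for section in ("dependencies", "devDependencies"):
        for name, spec in data.get(section, {}).items():
            if DEP_NAME_PATTERN.search(name):
                exact = spec if re.fullmatch(r"\d+(\.\d+)*", spec) else None
                yield name, exact


def inventory(root, patched=PATCHED_VERSION):
    """Walk a directory tree; return (file, dependency, version, vulnerable) tuples."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.name == "requirements.txt":
            hits = scan_requirements(path.read_text())
        elif path.name == "package.json":
            hits = scan_package_json(path.read_text())
        else:
            continue
        for name, version in hits:
            findings.append((str(path), name, version, is_vulnerable(version, patched)))
    return findings


def demo(patched=PATCHED_VERSION):
    """Run both scanners over the constructed samples; returns the findings list."""
    findings = [("requirements.txt", n, v, is_vulnerable(v, patched))
                for n, v in scan_requirements(SAMPLE_REQUIREMENTS)]
    findings += [("package.json", n, v, is_vulnerable(v, patched))
                 for n, v in scan_package_json(SAMPLE_PACKAGE_JSON)]
    return findings


if __name__ == "__main__":
    for file, name, version, vulnerable in demo():
        print(f"{file}: {name} {version or '(unpinned)'} -> {'UPGRADE' if vulnerable else 'ok'}")
```

Run `inventory("/path/to/repos")` against a checkout of every service from the first action; a finding marked vulnerable means either the pin is older than the fixed release or the dependency floats on a range, and both cases need the lock file or deployed image checked rather than the manifest alone.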
Source: The Hacker News