CVE-2026-5752 Overview
CVE-2026-5752 is a critical sandbox escape vulnerability affecting Cohere Terrarium that enables arbitrary code execution with root privileges on the host process through JavaScript prototype chain traversal. This vulnerability allows attackers with local access to break out of the sandbox environment and execute malicious code with elevated privileges on the underlying host system.
Critical Impact
Successful exploitation allows complete sandbox escape with root-level code execution on the host process, potentially compromising the entire system and any data or applications running alongside the sandboxed environment.
Affected Products
- Cohere Terrarium (sandbox execution environment)
Discovery Timeline
- 2026-04-14 - CVE-2026-5752 published to NVD
- 2026-04-14 - Last updated in NVD database
Technical Details for CVE-2026-5752
Vulnerability Analysis
This sandbox escape vulnerability exploits a fundamental weakness in the JavaScript sandbox implementation within Cohere Terrarium. The vulnerability allows attackers to traverse the JavaScript prototype chain to access objects and functions that exist outside the sandbox boundary, ultimately enabling code execution in the context of the host process with root privileges.
The attack requires local access to the system but does not require any user interaction or special privileges to exploit. The scope is changed, meaning that a successful exploit affects resources beyond the vulnerable component's security scope—in this case, breaking out of the sandbox to impact the host system directly.
Root Cause
The root cause of this vulnerability lies in improper isolation of the JavaScript prototype chain within the Terrarium sandbox environment. The sandbox fails to adequately prevent access to parent or global object prototypes, allowing sandboxed code to reference and manipulate objects in the host environment. This prototype pollution or traversal technique bypasses the intended security boundaries of the sandbox.
When JavaScript code running inside the sandbox can access __proto__, constructor, or other prototype chain properties that reference host-side objects, it creates a bridge that attackers can use to escape the sandbox entirely.
Attack Vector
The attack vector for CVE-2026-5752 is local, requiring the attacker to execute JavaScript code within the Terrarium sandbox environment. The attack proceeds by:
- Identifying accessible prototype chain references that point outside the sandbox
- Traversing the prototype chain to reach host-side objects or constructors
- Using these references to instantiate or invoke host-side functionality
- Executing arbitrary code with the privileges of the host process (root)
The low complexity of this attack, combined with no required privileges or user interaction, makes this vulnerability particularly dangerous for any deployment using Terrarium for sandboxed code execution.
Technical details regarding the specific exploitation methodology can be found in the CERT Vulnerability Advisory.
Detection Methods for CVE-2026-5752
Indicators of Compromise
- Unusual process spawning from the Terrarium sandbox process with elevated privileges
- Unexpected system calls or file access patterns originating from sandboxed code execution contexts
- JavaScript execution logs showing attempts to access __proto__, constructor.constructor, or similar prototype chain traversal patterns
- Anomalous root-level process activity correlated with Terrarium sandbox execution times
Detection Strategies
- Implement runtime monitoring for prototype chain access patterns within sandboxed JavaScript environments
- Deploy behavioral analysis to detect sandbox processes attempting to access resources outside their intended scope
- Monitor for privilege escalation attempts originating from sandbox execution contexts
- Use application-level logging to track JavaScript object access patterns that may indicate prototype traversal attempts
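One way to implement the log review described in the indicators and strategies above, as an added example rather than code from Terrarium or the advisory: a heuristic scanner for the prototype-traversal patterns named on this page. The one-JSON-object-per-line log format, its field names (ts, session, code) and the sample entries are constructed assumptions.

```javascript
// Added example: heuristic scanner for prototype-chain traversal indicators.
// Pattern matching is a triage signal only; pair it with the process-level
// monitoring listed on this page.
const RULES = [
  // obj.__proto__ or obj["__proto__"]
  { id: 'proto-access', re: /\.\s*__proto__\b|\[\s*(['"`])__proto__\1\s*\]/ },
  // two chained constructor lookups, in dot or bracket form
  { id: 'constructor-chain',
    re: /(?:\.\s*constructor|\[\s*(['"`])constructor\1\s*\])\s*(?:\.\s*constructor|\[\s*(['"`])constructor\2\s*\])/ },
  // reflective reads or writes of an object's prototype
  { id: 'reflect-proto', re: /\b(?:Object|Reflect)\s*\.\s*[gs]etPrototypeOf\b/ },
];

// Constructed sample log: submitted code snippets recorded per sandbox session.
const SAMPLE_LOG = [
  '{"ts":"2026-04-15T10:02:11Z","session":"s-01","code":"const total = items.map(i => i.price).reduce((a, b) => a + b, 0)"}',
  '{"ts":"2026-04-15T10:02:14Z","session":"s-02","code":"probe = result.__proto__"}',
  '{"ts":"2026-04-15T10:02:15Z","session":"s-02","code":"f = result[\\"constructor\\"].constructor"}',
  '{"ts":"2026-04-15T10:02:19Z","session":"s-03","code":"class A { constructor() { this.n = 1 } }"}',
  'not json',
].join('\n');

// Returns matched entries plus a count of lines that could not be inspected,
// so gaps in coverage are reported instead of silently dropped.
function scanLog(text) {
  const alerts = [];
  let unparsed = 0;
  for (const line of text.split('\n')) {
    if (!line.trim()) continue;
    let entry;
    try { entry = JSON.parse(line); } catch { unparsed++; continue; }
    if (!entry || typeof entry.code !== 'string') { unparsed++; continue; }
    const hits = RULES.filter(r => r.re.test(entry.code)).map(r => r.id);
    if (hits.length) alerts.push({ ts: entry.ts, session: entry.session, rules: hits });
  }
  return { alerts, unparsed };
}

// Sessions that produced at least one alert, de-duplicated and sorted.
function sessionsToReview(result) {
  return [...new Set(result.alerts.map(a => a.session))].sort();
}

const report = scanLog(SAMPLE_LOG);
console.log(report.alerts, 'unparsed lines:', report.unparsed);
console.log('review:', sessionsToReview(report));
```

The ordinary class declaration in session s-03 is not flagged, because the rules require a property access (dot or bracket) rather than the bare word.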
Monitoring Recommendations
- Enable verbose logging for all Terrarium sandbox operations and review for anomalous patterns
- Configure host-based intrusion detection systems to alert on unexpected root-level process creation
- Implement process ancestry monitoring to detect processes spawned from sandbox contexts with elevated privileges
- Review audit logs for any system-level changes occurring during or after sandbox code execution
How to Mitigate CVE-2026-5752
Immediate Actions Required
- Audit all deployments of Cohere Terrarium to assess exposure
- Consider temporarily disabling Terrarium sandbox functionality until patches are available
- Restrict local access to systems running Terrarium to trusted users only
- Implement additional isolation layers such as containerization or virtualization around Terrarium deployments
Patch Information
Refer to the GitHub Project Repository for the latest security updates and patch information. Organizations should monitor this repository for security advisories and apply patches as they become available.
Additional vulnerability details and remediation guidance are available in the CERT Vulnerability Advisory.
Workarounds
- Run Terrarium within an additional isolation layer (container, VM, or separate security domain) to limit the impact of sandbox escape
- Implement strict network segmentation to contain any compromised sandbox host systems
- Freeze or lock prototype objects in the JavaScript environment where possible to limit prototype chain manipulation
- Apply the principle of least privilege to the host process running Terrarium, avoiding root execution where feasible
- Consider alternative sandboxing solutions with stronger isolation guarantees until a patch is available
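The prototype-freezing workaround above, as an added example that is not Terrarium's code: it locks the built-in prototypes of a fresh realm and checks that writes through __proto__ no longer take effect. The realm comes from Node's vm module purely for demonstration (vm is not a security boundary by itself), and the function and constant names are hypothetical.

```javascript
// Added example: freeze the intrinsics of a separate realm and verify the result.
const vm = require('node:vm');

// Runs inside the target realm: freezes each built-in constructor and its prototype.
const LOCKDOWN_SRC = `
  for (const name of ['Object', 'Function', 'Array', 'String', 'Number', 'Boolean',
                      'Symbol', 'Promise', 'Error', 'RegExp', 'Map', 'Set']) {
    const ctor = globalThis[name];
    if (typeof ctor !== 'function') continue;
    Object.freeze(ctor.prototype);
    Object.freeze(ctor);
  }
`;

// Self-test run inside the realm: attempts two prototype writes, then reports
// whether unrelated, freshly created values can see them.
const POLLUTION_CHECK_SRC = `
  (function () {
    try { ({}).__proto__.polluted = true; } catch (e) { /* TypeError in strict mode */ }
    try { [].constructor.prototype.polluted = true; } catch (e) { /* same */ }
    return { object: ({}).polluted === true,
             array: [].polluted === true,
             frozen: Object.isFrozen(Object.prototype) };
  })()
`;

// Creates a new realm with its own set of built-ins, optionally locked down.
function makeRealm({ lockdown }) {
  const ctx = vm.createContext();
  if (lockdown) vm.runInContext(LOCKDOWN_SRC, ctx);
  return ctx;
}

// Copies the self-test result into a host-side object of plain booleans.
function checkRealm(ctx) {
  const r = vm.runInContext(POLLUTION_CHECK_SRC, ctx);
  return { object: r.object === true, array: r.array === true, frozen: r.frozen === true };
}

console.log('unlocked realm:', checkRealm(makeRealm({ lockdown: false })));
console.log('locked realm:  ', checkRealm(makeRealm({ lockdown: true })));
```

Freezing blocks modification of the prototypes only; it does not change which objects are reachable by reading along the chain, so it complements the outer isolation layer and least-privilege items in this list rather than replacing them.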


