Sandbox Escape Vulnerability in Terrarium by Cohere AI
CVE-2026-5752

9.3CRITICAL

Key Information:

Vendor: Cohere
Status: Cohere-terrarium
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-5752?

The sandbox escape vulnerability in Terrarium allows attackers to leverage JavaScript prototype chain traversal to execute arbitrary code with root privileges on the host process. This vulnerability raises significant security concerns as it can be exploited to bypass the sandbox environment normally protecting system resources from unauthorized access and manipulation.

Affected Version(s)

cohere-terrarium all

References

https://kb.cert.org/vuls/id/414811

https://github.com/cohere-ai/cohere-terrarium

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Apr 7, 2026

CVE-2026-5752 Data

JSON