{"vuid":"VU#414811","idnumber":"414811","name":"Terrarium contains a vulnerability that allows arbitrary code execution","keywords":null,"overview":"### Overview\r\nTerrarium is a sandbox-based code execution platform that enables users to run and execute code in a controlled environment, providing a secure way to test and validate code. However, a vulnerability has been discovered in Terrarium that allows arbitrary code execution with root privileges on the host `Node.js` process. This vulnerability is caused by a JavaScript prototype chain traversal in the Pyodide WebAssembly environment.\r\n\r\n### Description\r\nThe root cause of the vulnerability lies in the configuration of `jsglobals` objects in `service.ts`. Specifically, the mock document object is created using a standard JavaScript object literal, which inherits properties from `Object.prototype`. This inheritance chain allows sandbox code to traverse up to the function constructor, create a function that returns `globalThis`, and from there access `Node.js` internals, including `require()`. As a result, an attacker can escape the sandbox and execute arbitrary system commands as root within the container.\r\n\r\n**CVE-2026-5752**\r\nSandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.\r\n\r\n### Impact\r\nApplications that use Terrarium for sandboxed code execution may be compromised, allowing an attacker to:\r\n\r\n* Execute arbitrary commands as root inside the container\r\n* Access and modify sensitive files, including `/etc/passwd` and environment variables\r\n* Reach other services on the container's network, including databases and internal APIs\r\n* Potentially escape the container and escalate privileges further\r\n\r\n### Mitigation\r\nUnfortunately, we were unable to coordinate with the vendor to obtain a patch or fix for this vulnerability. 
In the meantime, several mitigation strategies can be employed to reduce the risk of exploitation. Users should consider implementing the following measures:\r\n\r\n* **Disable unnecessary features**: Disable any features that allow users to submit code to the sandbox, if possible.\r\n* **Implement network segmentation**: Segment the network to limit the attack surface and prevent lateral movement.\r\n* **Use a Web Application Firewall (WAF)**: Deploy a WAF to detect and block suspicious traffic, including attempts to exploit the vulnerability.\r\n* **Monitor container activity**: Regularly monitor container activity for signs of suspicious behavior.\r\n* **Implement access controls**: Limit access to the container and its resources to authorized personnel only.\r\n* **Use a secure container orchestration tool**: Utilize a secure container orchestration tool to manage and secure containers.\r\n* **Regularly update and patch dependencies**: Ensure that dependencies are up-to-date and patched.\r\n\r\n### Acknowledgments\r\nThe vulnerability was discovered by Jeremy Brown, who used AI-assisted vulnerability research to identify the issue. 
This document was written by Timur Snoke with assistance from AI.","clean_desc":null,"impact":null,"resolution":null,"workarounds":null,"sysaffected":null,"thanks":null,"author":null,"public":["https://github.com/cohere-ai/cohere-terrarium"],"cveids":["CVE-2026-5752"],"certadvisory":null,"uscerttechnicalalert":null,"datecreated":"2026-04-21T13:37:30.311268Z","publicdate":"2026-04-21T13:37:30.145007Z","datefirstpublished":"2026-04-21T13:37:30.329244Z","dateupdated":"2026-04-21T13:37:30.145003Z","revision":1,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":null,"cvss_basevector":null,"cvss_temporalscore":null,"cvss_environmentalscore":null,"cvss_environmentalvector":null,"metric":null,"vulnote":189}