{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/414811#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nTerrarium is a sandbox-based code execution platform that enables users to run and execute code in a controlled environment, providing a secure way to test and validate code. However, a vulnerability has been discovered in Terrarium that allows arbitrary code execution with root privileges on the host `Node.js` process. This vulnerability is caused by a JavaScript prototype chain traversal in the Pyodide WebAssembly environment.\r\n\r\n### Description\r\nThe root cause of the vulnerability lies in the configuration of `jsglobals` objects in `service.ts`. Specifically, the mock document object is created using a standard JavaScript object literal, which inherits properties from `Object.prototype`. This inheritance chain allows sandbox code to traverse up to the function constructor, create a function that returns `globalThis`, and from there access `Node.js` internals, including `require()`. As a result, an attacker can escape the sandbox and execute arbitrary system commands as root within the container.\r\n\r\n**CVE-2026-5752**\r\nSandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.\r\n\r\n### Impact\r\nApplications that use Terrarium for sandboxed code execution may be compromised, allowing an attacker to:\r\n\r\n* Execute arbitrary commands as root inside the container\r\n* Access and modify sensitive files, including `/etc/passwd` and environment variables\r\n* Reach other services on the container's network, including databases and internal APIs\r\n* Potentially escape the container and escalate privileges further\r\n\r\n### Mitigation\r\nUnfortunately, we were unable to coordinate with the vendor to obtain a patch or fix for this vulnerability. In the meantime, several mitigation strategies can be employed to reduce the risk of exploitation. Users should consider implementing the following measures:\r\n\r\n* **Disable unnecessary features**: Disable any features that allow users to submit code to the sandbox, if possible.\r\n* **Implement network segmentation**: Segment the network to limit the attack surface and prevent lateral movement.\r\n* **Use a Web Application Firewall (WAF)**: Deploy a WAF to detect and block suspicious traffic, including attempts to exploit the vulnerability.\r\n* **Monitor container activity**: Regularly monitor container activity for signs of suspicious behavior.\r\n* **Implement access controls**: Limit access to the container and its resources to authorized personnel only.\r\n* **Use a secure container orchestration tool**: Utilize a secure container orchestration tool to manage and secure containers.\r\n* **Regularly update and patch dependencies**: Ensure that dependencies are up-to-date and patched.\r\n\r\n### Acknowledgments\r\nThe vulnerability was discovered by Jeremy Brown, who used AI-assisted vulnerability research to identify the issue. This document was written by Timur Snoke with assistance from AI.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/414811"},{"url":"https://github.com/cohere-ai/cohere-terrarium","summary":"https://github.com/cohere-ai/cohere-terrarium"}],"title":"Terrarium contains a vulnerability that allows arbitrary code execution","tracking":{"current_release_date":"2026-04-21T13:37:30+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.36"}},"id":"VU#414811","initial_release_date":"2026-04-21 13:37:30.145007+00:00","revision_history":[{"date":"2026-04-21T13:37:30+00:00","number":"1.20260421133730.1","summary":"Released on 2026-04-21T13:37:30+00:00"}],"status":"final","version":"1.20260421133730.1"}},"vulnerabilities":[{"title":"Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.","notes":[{"category":"summary","text":"Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal."}],"cve":"CVE-2026-5752","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#414811"}]}],"product_tree":{"branches":[]}}