Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution

A critical flaw in Cohere AI's Terrarium sandbox allows attackers to execute code with root privileges. This poses a significant risk to sensitive data. Users are urged to take immediate action to secure their systems.


Original reporting: The Hacker News

AI summary by CyberPings AI, reviewed by Rohit Rana

🎯Basically, a flaw in a coding tool lets bad actors run harmful commands on your computer.

What Happened

A serious security vulnerability has been discovered in Cohere AI's Terrarium, a Python-based sandbox used for running untrusted code. This flaw, tracked as CVE-2026-5752, has a CVSS score of 9.3, indicating a critical risk. It allows attackers to execute arbitrary code with root privileges on the host process through a JavaScript prototype chain traversal.

The Flaw

The vulnerability arises from how Terrarium interacts with the Pyodide WebAssembly environment. When exploited, it enables attackers to escape the sandbox's confines, potentially executing system commands as root. This could lead to unauthorized access to sensitive files, such as /etc/passwd, and allow attackers to reach other services within the container's network. Although exploitation requires local access, it does not necessitate user interaction or special privileges.

Who's Affected

The flaw affects users of the Terrarium sandbox, particularly those who use it to run untrusted code in a Docker deployment. Because the project is no longer actively maintained, there is no official patch, and affected users must rely on their own mitigations.

What You Should Do

To mitigate risks associated with this vulnerability, users should consider the following actions:

Containment

1. Disable features that allow users to submit code to the sandbox, if possible.
2. Segment the network to limit the attack surface and prevent lateral movement.
3. Deploy a Web Application Firewall to detect and block suspicious traffic.
4. Monitor container activity for signs of suspicious behavior.

Remediation

5. Limit access to the container and its resources to authorized personnel only.
6. Use a secure container orchestration tool to manage and secure containers.
7. Ensure that dependencies are up-to-date and patched.
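Added example, not from the advisory or the Terrarium project: a docker-compose service definition that applies the containment items above to the sandbox container, so that an escape from the Pyodide sandbox lands in an unprivileged, capability-less process on an isolated network rather than as root with reach into neighbouring services. The image name and volume path are placeholders.

```yaml
# Hardened deployment example for a Terrarium-style code sandbox.
# Not the project's own compose file; image name and paths are placeholders.
services:
  terrarium:
    image: REPLACE_WITH_YOUR_TERRARIUM_IMAGE   # placeholder
    # Run the host process as an unprivileged UID so a sandbox escape does
    # not execute as root inside the container (most images default to UID 0).
    user: "65534:65534"
    # Drop every Linux capability; the sandbox process needs none of them.
    cap_drop:
      - ALL
    # Prevent setuid/setgid binaries from re-escalating after an escape.
    security_opt:
      - no-new-privileges:true
    # Immutable root filesystem; only a small, noexec tmpfs is writable.
    read_only: true
    tmpfs:
      - /tmp:size=64m,noexec,nosuid,nodev
    # Bound runaway processes and memory started from escaped code.
    pids_limit: 128
    mem_limit: 512m
    # Attach only to an internal network so escaped code cannot reach other
    # services or the internet; publish the API through a reverse proxy
    # that also sits on this network.
    networks:
      - sandbox_net

networks:
  sandbox_net:
    internal: true   # no route to the host network or other compose networks
```

This narrows the blast radius of CVE-2026-5752 inside the container but does not fix the sandbox escape itself, so pair it with disabling code submission where possible and with monitoring of the container.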

Conclusion

The discovery of this vulnerability highlights the importance of maintaining security in coding environments. Users must take proactive measures to protect their systems from potential exploitation. As the Terrarium project lacks active maintenance, the risk of this vulnerability being exploited remains high, necessitating immediate attention from affected users.

Pro Insight

The lack of active maintenance for Terrarium increases the likelihood of exploitation; immediate containment measures are essential.
