
Critical Security Vulnerability Disclosed in Cohere AI’s Terrarium Sandbox Environment
CybersecurityVulnerabilitiesArtificial IntelligenceSandbox Escape
📌 A critical security vulnerability (CVE-2026-5752) has been disclosed in Cohere AI’s Python-based sandbox environment, Terrarium, with a CVSS score of 9.3. The flaw enables arbitrary code execution with root privileges on the host process through a sandbox escape via JavaScript prototype chain traversal. The issue specifically affects Terrarium’s sandboxing mechanism, allowing attackers to bypass containment and execute malicious code. No specific exploitation timeline or affected versions were detailed in the disclosure. The impact includes full system compromise due to the elevated privileges gained.