Critical Vulnerability in Cohere AI Sandbox Allows Remote Code Execution
AI-generated from multiple sources. Verify before acting on this reporting.
A critical security flaw in Cohere AI's open-source Python sandbox, Terrarium, allows attackers to execute arbitrary code as root and escape container boundaries, researchers confirmed Tuesday.
The vulnerability, designated CVE-2026-5752, stems from a JavaScript prototype chain traversal issue within the Pyodide WebAssembly environment. Security researcher Jeremy Brown discovered the flaw, which enables malicious actors to bypass the sandbox's security controls. The defect affects Terrarium deployments globally; the sandbox is widely used in Docker-deployed containers to isolate untrusted code.
Cohere AI acknowledged the issue and is working on a patch. The company stated that the vulnerability could allow an attacker to gain full control over the host system if the sandbox is exploited. CERT/CC, the advisory body for computer emergency response, issued a warning urging users to update their systems immediately. SentinelOne, a cybersecurity firm, conducted an analysis of the exploit and confirmed the severity of the threat.
The flaw arises because the Pyodide environment, which runs Python code in a web browser or similar environment, does not properly restrict access to JavaScript objects. This allows attackers to traverse the prototype chain and manipulate the underlying system. The issue is particularly dangerous because it affects the core security mechanism of the sandbox, which is designed to prevent such attacks.
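The bug class described above, shown as an added example in generic JavaScript (not Terrarium or Pyodide code, and not a reproduction of CVE-2026-5752): an audit that reports whether the host `Function` constructor is reachable from an object handed to untrusted code, and a null-prototype copy that removes the path. The function names and the sample object are hypothetical.

```javascript
// Added illustration of the bug class; names and sample data are constructed.
const HostFunction = Function; // reaching this object means code evaluation

// Breadth-first walk over own data properties and prototype links.
// Returns every path from `root` that ends at the host Function constructor.
function findFunctionConstructorPaths(root, maxDepth = 6) {
  const hits = [];
  const seen = new Set();
  const queue = [{ value: root, path: "exposed", depth: 0 }];
  while (queue.length > 0) {
    const { value, path, depth } = queue.shift();
    if (value === HostFunction) { hits.push(path); continue; }
    const walkable = (typeof value === "object" && value !== null) ||
                     typeof value === "function";
    if (!walkable || seen.has(value) || depth >= maxDepth) continue;
    seen.add(value);
    const proto = Object.getPrototypeOf(value);
    if (proto !== null) {
      queue.push({ value: proto, path: path + ".[[Prototype]]", depth: depth + 1 });
    }
    for (const key of Reflect.ownKeys(value)) {
      const desc = Object.getOwnPropertyDescriptor(value, key);
      if (desc && "value" in desc) { // getters are not invoked during the audit
        queue.push({ value: desc.value, path: `${path}.${String(key)}`, depth: depth + 1 });
      }
    }
  }
  return hits;
}

// Hardening: deep-copy to frozen, null-prototype data. Functions and other
// non-data values are dropped. Assumes acyclic input; arrays become
// null-prototype objects keyed by index.
function toNullProtoData(value) {
  if (value === null || ["string", "number", "boolean"].includes(typeof value)) return value;
  if (typeof value !== "object") return undefined;
  const copy = Object.create(null);
  for (const key of Object.keys(value)) {
    const v = toNullProtoData(value[key]);
    if (v !== undefined) copy[key] = v;
  }
  return Object.freeze(copy);
}

// Constructed sample: an ordinary host object passed across the boundary.
const weakExposure = { version: "1.0", limits: { timeoutMs: 5000 }, log: (m) => m };
const hardenedExposure = toNullProtoData(weakExposure);
console.log("weak:", findFunctionConstructorPaths(weakExposure));
console.log("hardened:", findFunctionConstructorPaths(hardenedExposure));
```

Even an empty object literal reports a path, because it inherits from `Object.prototype`; only values with no prototype link and no function members come back clean.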
Experts warn that the vulnerability could be exploited in the wild, as the code is open-source and widely available. The potential impact is significant, as Terrarium is used by developers and organizations to safely test and run untrusted code. The flaw could lead to data breaches, system compromises, and other security incidents.
Cohere AI has released a statement urging users to apply the latest security patches and to monitor their systems for signs of exploitation. The company is also working with CERT/CC and other security organizations to provide guidance on mitigating the risk.
The discovery of the vulnerability highlights the ongoing challenges in securing open-source software and the importance of rigorous security testing. As the cybersecurity landscape evolves, developers and organizations must remain vigilant and proactive in addressing potential threats.
The situation remains fluid as Cohere AI continues to work on a fix. Users are advised to stay informed and take immediate action to protect their systems. The full extent of the vulnerability and the number of affected systems remain unknown.