Full Report
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal," according to
Analysis Summary
# Vulnerability: Sandbox Escape in Terrarium Python Sandbox
## CVE Details
- **CVE ID:** CVE-2026-5752
- **CVSS Score:** 9.3 (Critical)
- **CWE:** CWE-1321 (Improper Control of Generation of Code - Prototype Pollution/Chain Traversal)
## Affected Systems
- **Products:** Terrarium (Python-based sandbox environment)
- **Versions:** Not explicitly listed in the snippet (Typically all versions prior to the patch release).
- **Configurations:** Systems running Terrarium where JavaScript execution or interaction is handled within the sandbox environment.
## Vulnerability Description
CVE-2026-5752 is a sandbox escape vulnerability arising from improper handling of JavaScript objects within the Terrarium environment. The flaw centers on a **Prototype Chain Traversal**. In a typical sandbox, guest code should be isolated from the host's underlying processes and memory. However, an attacker can manipulate the JavaScript prototype chain to traverse the boundary between the sandboxed script and the host Python process.
Because the sandbox lacks sufficient validation of object inheritance and property access, an attacker can move "up" the chain to access the host's execution context. This leads to a breakout, allowing the attacker to execute Python commands outside the restricted environment.
## Exploitation
- **Status:** Vulnerability disclosed; PoC availability not confirmed in provided text (likely available given the technical detail).
- **Complexity:** Medium (Requires knowledge of JavaScript prototype manipulation and Terrarium internals).
- **Attack Vector:** Local/Network (Depends on how the sandbox is exposed; typically via submitting malicious JS code to the sandbox).
## Impact
- **Confidentiality:** High (Full access to host data and system files).
- **Integrity:** High (Arbitrary code execution with **root privileges** on the host process).
- **Availability:** High (Host system can be compromised or shut down).
## Remediation
### Patches
- Users should update to the latest version of Terrarium as specified by the vendor (refer to official repositories for the version addressing CVE-2026-5752).
### Workarounds
- **Disable JavaScript execution:** If JavaScript functionality is not required within the sandbox, disable the JS bridge.
- **Restrict Permissions:** Ensure the host process running the Terrarium sandbox is not running with root/administrative privileges, which would limit the impact of an escape.
## Detection
- **Indicators of Compromise:** Unusual child processes spawning from the Terrarium host process; unauthorized modifications to host system files; suspicious network connections originating from the Python host.
- **Detection methods and tools:** Audit logs for Python `subprocess` or `os.system` calls originating from the sandbox process. Monitor for attempts to access `__proto__` or `constructor` properties in incoming scripts.
## References
- **Vendor Advisories:** [hXXps://github[.]com/terrarium-project/security/advisories]
- **Vulnerability Databases:** [hXXps://nvd[.]nist[.]gov/vuln/detail/CVE-2026-5752]