EUVD-2026-22676

| CVE-2026-5752 CRITICAL
2026-04-14 [email protected] GHSA-cmpr-pw8g-6q6c
RCE
9.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Updated
Apr 17, 2026 - 15:31 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 22:35 vuln.today
CVSS Changed
Apr 14, 2026 - 20:22 NVD
9.3 (CRITICAL)

DescriptionNVD

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.

AnalysisAI

Sandbox escape in Cohere Terrarium JavaScript execution environment allows local attackers to break containment and execute arbitrary code with root privileges on the host system via prototype chain traversal. CVSS 9.3 reflects critical severity with scope change (sandbox-to-host escape). …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify and inventory all systems running Cohere Terrarium; restrict local access to Terrarium environments to trusted users only and disable if operationally feasible. Within 7 days: Isolate affected systems from sensitive data and critical infrastructure; implement enhanced logging and monitoring for Terrarium process execution and privilege escalation attempts. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-22676 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy