CVE-2026-5752
Terrarium · Terrarium
A sandbox escape vulnerability in Terrarium allows for arbitrary code execution with root privileges on the host system.
Executive summary
A critical sandbox escape in Terrarium allows an attacker who can run JavaScript inside the sandbox to obtain root-level code execution on the underlying host system.
Vulnerability
The vulnerability is a sandbox escape via JavaScript prototype chain traversal: starting from an object the restricted environment does expose, the attacker follows prototype and constructor references to objects the environment was meant to hide (typically a constructor belonging to the unrestricted realm), breaks out of the restricted scope, and executes code with root privileges on the host.
Business impact
With a CVSS score of 9.3, this vulnerability represents a severe threat to host security and container isolation. Successful exploitation enables an attacker to move from a sandboxed application to the underlying host system with full administrative rights. This facilitates total system takeover, data theft, and potential persistence mechanisms that can be difficult to detect.
Remediation
Immediate Action: Update the Terrarium environment to the latest security release provided by the vendor.
Proactive Monitoring: Monitor host system logs for processes the sandbox host process should never spawn (shells, package managers, network tools), unexpected privilege escalation events, and suspicious modifications to system files.
Compensating Controls: Use container security tools to detect sandbox escapes, enforce strict resource limits and mandatory access control profiles (e.g., AppArmor or SELinux) on the sandbox host process, and run that process as an unprivileged user so that a breakout does not land as root.
Exploitation status
Public Exploit Available: No
Analyst recommendation
The ability to escape a sandbox and gain root access is a severe security failure. All instances of the affected software must be updated immediately. Until every production environment is patched, security teams should treat unpatched instances as a high-priority exposure and apply the compensating controls above.