Overview
Terrarium is a sandbox-based code execution platform that lets users run code in a controlled environment, providing a secure way to test and validate code. However, a vulnerability has been discovered in Terrarium that allows arbitrary code execution with root privileges on the host Node.js process. The vulnerability is caused by JavaScript prototype chain traversal in the Pyodide WebAssembly environment.
Description
The root cause of the vulnerability lies in the configuration of jsglobals objects in service.ts. Specifically, the mock document object is created using a standard JavaScript object literal, which inherits properties from Object.prototype. This inheritance chain allows sandbox code to traverse up to the Function constructor, create a function that returns globalThis, and from there access Node.js internals, including require(). As a result, an attacker can escape the sandbox and execute arbitrary system commands as root within the container.
CVE-2026-5752
Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.
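The following audit helper is an added example, not code from Terrarium or from this advisory's authors, and the null-prototype form it tests is a hardening illustration, not a vendor fix. It checks whether an object handed to sandboxed code can reach the Function constructor through plain property reads, as the description above explains for an object literal. The three document objects are constructed stand-ins, and the helper name is hypothetical.

```javascript
// Added example: stand-in objects, not Terrarium's actual service.ts code.

// Breadth-first walk over everything reachable from `root` by plain property
// reads: the prototype chain plus own data-property values.
// Returns the path to the Function constructor, or null if there is none.
// Accessor properties are not invoked, so getter results are not followed.
function pathToFunctionConstructor(root) {
  const seen = new Set();
  const queue = [[root, 'root']];
  while (queue.length > 0) {
    const [node, path] = queue.shift();
    if (node === Function) return path;
    const isObj = (typeof node === 'object' && node !== null) ||
                  typeof node === 'function';
    if (!isObj || seen.has(node)) continue;
    seen.add(node);
    queue.push([Object.getPrototypeOf(node), path + '.[[Prototype]]']);
    for (const key of Reflect.ownKeys(node)) {
      const desc = Object.getOwnPropertyDescriptor(node, key);
      if (desc && 'value' in desc) {
        queue.push([desc.value, path + '.' + String(key)]);
      }
    }
  }
  return null;
}

// Constructed stand-ins for a mock `document` exposed to sandboxed code.
// 1. Object literal: inherits from Object.prototype (the pattern described above).
const literalDoc = { title: 'sandbox' };

// 2. Null-prototype, frozen, primitive values only: nothing to traverse.
const nullProtoDoc = Object.freeze(
  Object.assign(Object.create(null), { title: 'sandbox' }));

// 3. Null-prototype but holding a function value: the function's own
//    prototype chain leads back to Function, so the path reopens.
const leakyDoc = Object.assign(Object.create(null), {
  getElementById: () => null,
});

for (const [name, doc] of Object.entries({ literalDoc, nullProtoDoc, leakyDoc })) {
  console.log(name, '->', pathToFunctionConstructor(doc) ?? 'no path');
}
```

Running the same check over every object placed in jsglobals shows which ones still expose a path; a null prototype alone is not enough if any property value is a function or an ordinary object.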
Impact
Applications that use Terrarium for sandboxed code execution may be compromised, allowing an attacker to:
- Execute arbitrary commands as root inside the container
- Access and modify sensitive files, including /etc/passwd and environment variables
- Reach other services on the container’s network, including databases and internal APIs
- Potentially escape the container and escalate privileges further
Mitigation
Unfortunately, we were unable to coordinate with the vendor to obtain a patch or fix for this vulnerability. In the meantime, several mitigation strategies can be employed to reduce the risk of exploitation. Users should consider implementing the following measures:
- Disable unnecessary features: Disable any features that allow users to submit code to the sandbox, if possible.
- Implement network segmentation: Segment the network to limit the attack surface and prevent lateral movement.
- Use a Web Application Firewall (WAF): Deploy a WAF to detect and block suspicious traffic, including attempts to exploit the vulnerability.
- Monitor container activity: Regularly monitor container activity for signs of suspicious behavior.
- Implement access controls: Limit access to the container and its resources to authorized personnel only.
- Use a secure container orchestration tool: Utilize a secure container orchestration tool to manage and secure containers.
- Regularly update and patch dependencies: Ensure that dependencies are up-to-date and patched.
Acknowledgments
The vulnerability was discovered by Jeremy Brown, who used AI-assisted vulnerability research to identify the issue. This document was written by Timur Snoke with assistance from AI.