A high-severity sandbox escape vulnerability (CVE-2026-5752) in Cohere AI’s Terrarium tool allows an attacker to break out of an isolated Python execution environment and run arbitrary commands as root on the underlying host system. Terrarium is no longer maintained by Cohere, meaning no patch is forthcoming. Organizations using it to execute LLM-generated or untrusted Python code must mitigate through architectural controls or decommission the tool. Any AI/ML pipeline relying on Terrarium for code execution is exposed until mitigations are in place.