Description
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0 until 0.184.0, sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed. This vulnerability is fixed in 0.184.0.
Published: 2026-06-23
Score: 7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Daytona is a secure, elastic infrastructure runtime for AI-generated code execution and agent workflows. In versions 0.101.0 through 0.184.0, sandbox previews that were switched from public to private could remain reachable without authentication for up to an hour, because a cached visibility state was not invalidated after the visibility change. This flaw allows an attacker to view data that should have been private, constituting unauthorized access and information disclosure; the issue aligns with CWE-613 and CWE-863.

Affected Systems

DaytonaIO’s Daytona product is affected from version 0.101.0 up to the fix in 0.184.0; versions 0.184.0 and later contain the fix.

Risk and Exploitability

A CVSS score of 7 is High severity. No EPSS score is available and the vulnerability is not listed in KEV. The attack vector is inferred to be remote via the sandbox preview URL: during the window in which the switch to private has not yet been enforced, anyone holding the preview link can still retrieve content without authentication. The risk is accidental or intentional disclosure of data that should have been private, and exploitation requires only network access to the preview link.

Generated by OpenCVE AI on June 24, 2026 at 06:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Daytona to version 0.184.0 or later to remove the cached visibility flaw.
  • If an upgrade is not immediately possible, disable public sandbox preview functionality until the patch is applied.
  • Ensure that visibility changes trigger immediate cache invalidation by reviewing and testing the configuration and state‑management logic.



Advisories
Source: GitHub GHSA
ID: GHSA-ww63-pv5x-vfc8
Title: Daytona: Public sandbox previews remain accessible for up to one hour after being made private
History

Tue, 23 Jun 2026 19:00:00 +0000

Values removed: none

Values added:

Description: Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0 until 0.184.0, sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed. This vulnerability is fixed in 0.184.0.

Title: Daytona: Public sandbox previews remain accessible for up to one hour after being made private

Weaknesses: CWE-613, CWE-863

References:

Metrics: cvssV3_1 {'score': 7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L'}



MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-23T18:10:05.521Z

Reserved: 2026-06-12T18:42:02.223Z

Link: CVE-2026-54321

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T07:00:13Z

Weaknesses
  • CWE-613: Insufficient Session Expiration
  • CWE-863: Incorrect Authorization