Impact
Daytona is a secure, elastic infrastructure runtime for AI‑generated code execution and agent workflows. From version 0.101.0 through 0.184.0, when a sandbox preview is switched from public to private it can remain reachable without authentication for a brief period after the change, because the cached visibility state is not invalidated. This flaw allows an attacker to view data that should have been private, constituting unauthorized access and information disclosure, and aligns with CWE‑613 and CWE‑863.
Affected Systems
DaytonaIO’s Daytona product versions from 0.101.0 through 0.183.x inclusive are impacted; the vulnerability is fixed in 0.184.0.
Risk and Exploitability
The CVSS score of 7 indicates a medium‑to‑high severity. EPSS is not available and the vulnerability is not listed in KEV. The attack vector is inferred to be remote via the sandbox preview URL, where an adversary can retrieve sensitive content after a visibility change has not yet been fully enforced. The risk lies in accidental or intentional disclosure of data that should have been private, and the exploitation requires only network access to the preview link.
OpenCVE Enrichment
Github GHSA