Description
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0 until 0.184.0, sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed. This vulnerability is fixed in 0.184.0.
Published: 2026-06-23
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Daytona is a secure, elastic infrastructure runtime for AI‑generated code execution and agent workflows. From version 0.101.0 through 0.184.0, when a sandbox preview is switched from public to private it can remain reachable without authentication for a brief period after the change, because the cached visibility state is not invalidated. This flaw allows an attacker to view data that should have been private, constituting unauthorized access and information disclosure, and aligns with CWE‑613 and CWE‑863.

Affected Systems

DaytonaIO’s Daytona product versions from 0.101.0 through 0.183.x inclusive are impacted; the vulnerability is fixed in 0.184.0.

Risk and Exploitability

The CVSS score of 7 indicates a medium‑to‑high severity. EPSS is not available and the vulnerability is not listed in KEV. The attack vector is inferred to be remote via the sandbox preview URL, where an adversary can retrieve sensitive content after a visibility change has not yet been fully enforced. The risk lies in accidental or intentional disclosure of data that should have been private, and the exploitation requires only network access to the preview link.

Generated by OpenCVE AI on June 24, 2026 at 10:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Daytona to version 0.184.0 or later to remove the cached visibility flaw.
  • If an upgrade is not immediately possible, disable public sandbox preview functionality until the patch is applied.
  • Ensure that visibility changes trigger immediate cache invalidation by reviewing and testing the configuration and state‑management logic.

Generated by OpenCVE AI on June 24, 2026 at 10:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-ww63-pv5x-vfc8 Daytona: Public sandbox previews remain accessible for up to one hour after being made private
History

Thu, 25 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Daytonaio
Daytonaio daytona
Vendors & Products Daytonaio
Daytonaio daytona

Tue, 23 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0 until 0.184.0, sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed. This vulnerability is fixed in 0.184.0.
Title Daytona: Public sandbox previews remain accessible for up to one hour after being made private
Weaknesses CWE-613
CWE-863
References
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L'}


Subscriptions

Daytonaio Daytona
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-25T12:43:20.824Z

Reserved: 2026-06-12T18:42:02.223Z

Link: CVE-2026-54321

cve-icon Vulnrichment

Updated: 2026-06-25T12:43:15.273Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:05:48Z

Weaknesses
  • CWE-613

    Insufficient Session Expiration

  • CWE-863

    Incorrect Authorization