Description
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification channel and passively receive that organization's events. This vulnerability is fixed in 0.185.0.
Published: 2026-06-23
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Daytona's notification WebSocket gateway allows an authenticated user to subscribe to another organization's realtime notification channel by supplying an arbitrary organizationId during the WebSocket join request, resulting in passive exposure of that organization's events and compromising confidentiality. The flaw originates from the gateway’s failure to verify the organizationId, and it does not provide escalation to execute code or disrupt service. The flaw was mitigated in version 0.185.0. This issue matches CWE-639 and CWE-863.

Affected Systems

This issue affects the Daytona platform from daytonaio, impacting all versions released prior to 0.185.0. No other vendors or product lines are listed.

Risk and Exploitability

The CVSS score of 6.5 denotes moderate severity, reflecting that the flaw can leak confidential data but does not enable further exploitation. EPSS is unavailable, so the likelihood of immediate exploitation remains uncertain, and the vulnerability is not in the CISA KEV catalog. An attacker would need to be an authenticated Daytona user and manipulate the WebSocket join parameters, accepting that the current implementation does not validate the organizationId properly.

Generated by OpenCVE AI on June 24, 2026 at 10:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Daytona to version 0.185.0 or newer to apply the security fix that enforces organizationId validation on WebSocket joins, mitigating the CWE-639 and CWE-863 flaws.
  • Configure the WebSocket gateway to strictly reject any join requests with organizationIds that do not match the authenticated user's organization, ensuring only authorized subscriptions are granted, and thereby addressing the CWE-639 and CWE-863 weaknesses.
  • Monitor audit logs for anomalous cross‑tenant subscription attempts and review any data that may have been inadvertently exposed before the patch is applied.

Generated by OpenCVE AI on June 24, 2026 at 10:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-qwxf-2m7m-2m3x Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join
History

Thu, 25 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Daytonaio
Daytonaio daytona
Vendors & Products Daytonaio
Daytonaio daytona

Tue, 23 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification channel and passively receive that organization's events. This vulnerability is fixed in 0.185.0.
Title Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join
Weaknesses CWE-639
CWE-863
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Daytonaio Daytona
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-25T12:42:48.097Z

Reserved: 2026-06-12T18:42:02.223Z

Link: CVE-2026-54324

cve-icon Vulnrichment

Updated: 2026-06-25T12:42:44.761Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:05:54Z

Weaknesses
  • CWE-639

    Authorization Bypass Through User-Controlled Key

  • CWE-863

    Incorrect Authorization