Severity by source
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Network-reachable invitation endpoint; PR:N because attacker registers a fresh account (no pre-existing privilege); AC:H due to required IdP misconfiguration and knowledge of invited email; scope changes to target org.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Lifecycle Timeline
2DescriptionCVE.org
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted (and declined) by a user whose email matched the invitation but had not been verified. Daytona authenticates users via OIDC and matches an invitation's target email against the email in the caller's token, but the invitation accept and decline paths did not require that email to be verified, unlike organization creation, which already enforced verification. On identity providers that allow self-service signup and issue a session before the email is verified, an actor could register an address matching a pending invitation, leave it unverified, and accept the invitation, joining the target organization with the role the invitation carried (up to Owner). This vulnerability is fixed in 0.184.0.
AnalysisAI
Authentication bypass in Daytona prior to 0.184.0 allows attackers to join organizations via pending invitations using unverified email addresses. The invitation accept and decline paths failed to enforce email verification (unlike organization creation), so on OIDC identity providers permitting self-service signup with pre-verification sessions, an attacker registering an email matching a pending invite can claim it and inherit the assigned role - up to Owner. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires three concrete conditions: (1) a pending Daytona organization invitation must exist for an email address the attacker can register at the configured OIDC identity provider; (2) that IdP must permit self-service signup AND issue a valid session before email verification (Auth0, Keycloak, and similar with default signup flows commonly do); (3) the attacker must know or guess the invited email address. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 8.4 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L) reflects scope change and high impact, tempered by AC:H - the attacker must know (or guess/enumerate) a pending invitation's target email, and the IdP must permit signup without pre-verification. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker learns that alice@victim-corp.com has a pending Daytona Owner invitation (via leaked Slack, email, or enumeration of common admin addresses). They register a new account at the OIDC IdP using that exact email, skip the verification step, log into Daytona with the resulting session, and click 'Accept' on the invitation - joining the victim organization as Owner with full control over workspaces and code-execution sandboxes. |
| Remediation | Vendor-released patch: upgrade to Daytona 0.184.0 or later, which adds the missing email-verified check to the invitation accept and decline paths; see https://github.com/daytonaio/daytona/security/advisories/GHSA-m6hx-cffh-3f3h. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Disable organization invitations or immediately audit and revoke all pending invitations; disable OIDC self-service signup at your identity provider. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-287 – Improper Authentication
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38566