Skip to main content

Daytona CVE-2026-54321

| EUVDEUVD-2026-38565 HIGH
Insufficient Session Expiration (CWE-613)
2026-06-16 https://github.com/daytonaio/daytona GHSA-ww63-pv5x-vfc8
7.0
CVSS 3.1 · Vendor: https://github.com/daytonaio/daytona
Share

Severity by source

Vendor (https://github.com/daytonaio/daytona) PRIMARY
7.0 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
vuln.today AI
3.7 LOW

Network-reachable and unauthenticated (AV:N/PR:N/UI:N) but requires timing race and prior knowledge of a previously-public URL (AC:H); only confidentiality of preview content is affected (C:L, I:N, A:N).

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (https://github.com/daytonaio/daytona).

CVSS VectorVendor: https://github.com/daytonaio/daytona

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 16, 2026 - 23:20 vuln.today
Analysis Generated
Jun 16, 2026 - 23:20 vuln.today

DescriptionCVE.org

Summary

Sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed.

Impact

When a sandbox owner changed a preview from public to private, the preview proxy could continue serving unauthenticated requests to that sandbox's ordinary preview ports for a bounded period before the change took effect. Only sandboxes that had been made public and were later set back to private were affected, and only until the proxy's cached visibility state was refreshed. Terminal, toolbox, and recording-dashboard ports were never affected, as those always require authentication. The issue did not involve cross-tenant access, privilege escalation, or remote code execution.

Patches

Fixed in v0.184.0. Sandbox visibility changes now invalidate the proxy's cached preview state immediately, so revoking a public preview takes effect on the next request.

Workarounds

Upgrade to v0.184.0 or later. There is no configuration workaround for earlier versions.

Credit

Reported through Daytona's Vulnerability Disclosure Program by mrknightnidu(nidalkhan). Linkedin: https://www.linkedin.com/in/mrknight-nidu-031340328/

AnalysisAI

Stale authorization caching in Daytona's preview proxy allows unauthenticated access to sandbox previews for a bounded window after their owner switches visibility from public back to private. The flaw affects versions 0.101.0 through 0.183.0 and is limited to ordinary preview ports - terminal, toolbox, and recording-dashboard ports remained protected. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Discover previously-public preview URL
Delivery
Wait for owner to set sandbox private
Exploit
Replay request to preview proxy
Execution
Hit stale cached 'public' decision
Impact
Read sandbox preview content anonymously

Vulnerability AssessmentAI

Exploitation Requires all of the following: (1) the target Daytona sandbox preview was previously set to public and the attacker obtained or guessed its preview URL while it was public; (2) the owner has just toggled that preview from public to private; (3) the request hits the preview proxy before the cached visibility state refreshes (bounded window, up to ~1 hour per advisory). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L scoring 7.0 reflects an internet-reachable, unauthenticated condition but with high attack complexity, which fits the race-against-cache-expiry nature of the bug - the attacker must already know (or guess) the preview URL of a sandbox that very recently transitioned from public to private. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who already knows the URL of a Daytona sandbox preview that was recently public - for example one shared in a chat, demo, or commit - repeatedly polls that URL after the owner switches it to private, and continues to receive unauthenticated responses with potentially sensitive in-development content until the proxy's cached visibility state refreshes (up to roughly an hour per the advisory title). No public exploit is identified at time of analysis; exploitation is opportunistic rather than a remote takeover.
Remediation Vendor-released patch: upgrade to Daytona v0.184.0 or later, in which visibility changes synchronously invalidate the proxy's cached preview state so revocation takes effect on the next request (https://github.com/daytonaio/daytona/security/advisories/GHSA-ww63-pv5x-vfc8). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all deployed Daytona versions; immediately review access logs if any fall within 0.101.0-0.183.0. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54321 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy