Skip to main content

Daytona CVE-2026-54324

| EUVDEUVD-2026-38562 MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-06-17 https://github.com/daytonaio/daytona GHSA-qwxf-2m7m-2m3x
6.5
CVSS 3.1 · Vendor: https://github.com/daytonaio/daytona
Share

Severity by source

Vendor (https://github.com/daytonaio/daytona) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Network-accessible WebSocket endpoint; PR:L because valid JWT required; C:H for cross-tenant event data exposure; no integrity or availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (https://github.com/daytonaio/daytona).

CVSS VectorVendor: https://github.com/daytonaio/daytona

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 18, 2026 - 01:55 vuln.today
Analysis Generated
Jun 18, 2026 - 01:55 vuln.today

DescriptionCVE.org

Summary

A cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification channel and passively receive that organization's events.

Impact

The notification gateway's JWT handshake joined a client-supplied organization identifier to the corresponding notification room without verifying that the authenticated user was a member of that organization. As a result, an authenticated user could receive another organization's realtime sandbox, snapshot, volume, and runner events, including data carried in those events. This is a cross-tenant confidentiality break. It required a valid account and knowledge of the target organization id (a non-secret UUID); no elevated privileges were needed. The API-key authentication path was not affected.

The affected component is the Daytona API service (the apps/api NestJS application). It is distributed through Daytona's repository releases and container images for self-hosted deployments; it is not published as a Go or npm package, so the advisory will not surface through go get or npm dependency tooling.

Affected Versions

>= 0.101.0, <= 0.184.0

Patched Versions

0.185.0

Credit

@vnth4nhnt from CyStack

AnalysisAI

Cross-tenant confidentiality breach in Daytona's notification WebSocket gateway (versions 0.101.0 through 0.184.0) allows any JWT-authenticated user to passively receive realtime event data belonging to a different organization by supplying an arbitrary organization UUID during the WebSocket handshake. The gateway's JWT authentication flow accepted the client-supplied organizationId and joined the corresponding notification room without verifying organizational membership, exposing sandbox, snapshot, volume, and runner events across tenant boundaries. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain valid Daytona JWT via standard account login
Delivery
Enumerate or obtain target organization UUID via API or prior knowledge
Exploit
Initiate WebSocket connection to notification gateway
Execution
Supply victim organizationId in handshake room join
Persist
Gateway subscribes attacker to victim's notification room
Impact
Passively receive cross-tenant sandbox, snapshot, volume, and runner events

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid Daytona account authenticated via JWT (the API-key authentication path is explicitly unaffected and not exploitable through this vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-supplied CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, score 6.5) is well-calibrated for this vulnerability: network-accessible, low complexity, requiring only a standard authenticated account (PR:L) with no user interaction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated Daytona user discovers or enumerates a target organization's UUID through API responses, shared infrastructure context, or administrative disclosure. The attacker opens a WebSocket connection to the Daytona notification gateway using their own valid JWT, supplying the victim organization's UUID as the room identifier during the handshake. …
Remediation Upgrade to Daytona 0.185.0, which introduces server-side organizational membership validation during the WebSocket JWT handshake, preventing unauthorized cross-tenant room subscriptions. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-55591 CRITICAL POC
9.8 Jan 14

FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote

CVE-2014-7205 CRITICAL POC
10.0 Oct 08

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2017-14849 HIGH POC
7.5 Sep 28

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc

CVE-2017-5941 CRITICAL POC
9.8 Feb 09

An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner

CVE-2014-3744 HIGH POC
7.5 Oct 23

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi

CVE-2014-9566 HIGH POC
7.5 Mar 10

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin

CVE-2013-4660 MEDIUM POC
6.8 Jun 28

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic

CVE-2015-5688 MEDIUM POC
5.0 Sep 04

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2014-7192 CRITICAL POC
10.0 Dec 11

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat

CVE-2013-4450 MEDIUM POC
5.0 Oct 21

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se

Share

CVE-2026-54324 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy