CVE-2026-54321
Deferred Deferred - Pending Action
Information Disclosure in Daytona AI Runtime

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0 until 0.184.0, sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed. This vulnerability is fixed in 0.184.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-23
Last Modified
2026-06-23
Generated
2026-06-24
AI Q&A
2026-06-23
EPSS Evaluated
N/A
NVD
CVE-2026-54321
EUVD
EUVD-2026-38565
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
daytonaio daytona From 0.101.0 (inc) to 0.184.0 (exc)
daytonaio daytona 0.184.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CWE-613 According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the Daytona infrastructure runtime for AI-generated code execution and agent workflows. Specifically, when sandbox previews were switched from public to private, they could remain accessible without authentication for a short period due to a cached visibility state that was not immediately invalidated.

This means that even after changing a sandbox's visibility to private, unauthenticated users could still access it until the proxy's cached state refreshed. The issue impacted versions from 0.101.0 up to 0.183.0 and was fixed in version 0.184.0.

The vulnerability did not allow cross-tenant access, privilege escalation, or remote code execution, and only affected sandboxes that had been public and then set to private.

Impact Analysis

This vulnerability can lead to unauthorized access to sandbox previews that were intended to be private, potentially exposing sensitive information or code during the window before the cached visibility state is refreshed.

Since the vulnerability allows unauthenticated access temporarily, it could result in confidentiality breaches. However, it does not allow privilege escalation, cross-tenant access, or remote code execution.

Users of affected Daytona versions should upgrade to version 0.184.0 or later to mitigate this risk, as there is no configuration workaround for earlier versions.

Detection Guidance

This vulnerability involves sandbox previews in Daytona remaining accessible without authentication for a short period after being switched from public to private due to cached visibility state.

To detect this issue on your network or system, you can attempt unauthenticated access to sandbox preview ports shortly after changing their visibility from public to private.

Since the vulnerability allows unauthenticated requests to preview ports until the proxy's cached state refreshes, you can use network scanning or HTTP request tools to test access.

  • Use curl or similar tools to send requests to the sandbox preview URLs immediately after changing visibility, checking if authentication is still bypassed.
  • Example command: curl -v http://<sandbox-preview-url> to see if access is granted without authentication.
  • Monitor network traffic for unauthenticated access attempts to preview ports during the visibility change window.
Mitigation Strategies

The primary mitigation step is to upgrade Daytona to version 0.184.0 or later, where the vulnerability is fixed by immediate invalidation of the proxy's cached visibility state.

There is no configuration workaround available for earlier versions, so upgrading is essential.

Additionally, avoid relying on the visibility change feature without authentication until the upgrade is applied.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54321. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart