Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-54321
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-23 Jun, 2026 | 18:10
Updated At-23 Jun, 2026 | 18:10
Rejected At-
▼CVE Numbering Authority (CNA)
Daytona: Public sandbox previews remain accessible for up to one hour after being made private

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0 until 0.184.0, sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed. This vulnerability is fixed in 0.184.0.

Affected Products
Vendor
daytonaio
Product
daytona
Versions
Affected
  • >= 0.101.0, < 0.184.0
Problem Types
TypeCWE IDDescription
CWECWE-613CWE-613: Insufficient Session Expiration
CWECWE-863CWE-863: Incorrect Authorization
Type: CWE
CWE ID: CWE-613
Description: CWE-613: Insufficient Session Expiration
Type: CWE
CWE ID: CWE-863
Description: CWE-863: Incorrect Authorization
Metrics
VersionBase scoreBase severityVector
3.17.0HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/daytonaio/daytona/security/advisories/GHSA-ww63-pv5x-vfc8
x_refsource_CONFIRM
Hyperlink: https://github.com/daytonaio/daytona/security/advisories/GHSA-ww63-pv5x-vfc8
Resource:
x_refsource_CONFIRM
Details not found