Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Threat Intelligence
CVE-2026-54322: CWE-639: Authorization Bypass Through User-Controlled Key in daytonaio daytona
CVE-2026-54322 is an authorization bypass vulnerability in daytonaio's Daytona product prior to version 0.185.0. The issue occurs because the organization role update and delete endpoints verify the caller's ownership of the organization named in the request path but do not verify that the target role identifier belongs to that organization. This allows an authenticated user who owns any organization to modify or delete roles in other organizations if they know the role's identifier. The vulnerability is fixed in version 0.185.0.
CVE Database V5 | 06/23/2026, 18:07:59 UTC | Added: 06/23/2026, 18:54:13 UTC

CVE-2026-54321: CWE-613: Insufficient Session Expiration in daytonaio daytona
CVE-2026-54321 is a vulnerability in daytonaio's daytona product affecting versions from 0.101.0 up to but not including 0.184.0. The issue involves insufficient session expiration where sandbox previews switched from public to private remained accessible without authentication for a short time due to cached visibility state not being invalidated. This could allow unauthorized access to private sandboxes temporarily. The vulnerability has a high severity score of 7. A fix is available in version 0.184.0.
CVE Database V5 | 06/23/2026, 18:10:05 UTC | Added: 06/23/2026, 18:54:13 UTC

CVE-2026-54320: CWE-287: Improper Authentication in daytonaio daytona
CVE-2026-54320 is an improper authentication vulnerability in daytonaio's daytona product prior to version 0.184.0. The issue allows an attacker to accept or decline organization invitations without verifying their email address, due to the system not enforcing email verification on invitation acceptance paths. This flaw enables an attacker to register an unverified email matching a pending invitation and join the organization with the invitation's role, potentially up to Owner. The vulnerability is fixed in version 0.184.0.
CVE Database V5 | 06/23/2026, 18:11:19 UTC | Added: 06/23/2026, 18:54:13 UTC

CVE-2026-54319: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in daytonaio daytona
CVE-2026-54319 is a path traversal vulnerability in daytonaio's daytona product prior to version 0.186. The issue arises because sandbox volume references used to build host bind-mount source paths were not properly confined, allowing path-traversal sequences to potentially escape the intended directory. This vulnerability has a medium severity with a CVSS score of 4.2 and is fixed in version 0.186.
CVE Database V5 | 06/23/2026, 18:08:54 UTC | Added: 06/23/2026, 18:54:13 UTC

CVE-2026-54324: CWE-639: Authorization Bypass Through User-Controlled Key in daytonaio daytona
CVE-2026-54324 is an authorization bypass vulnerability in the daytonaio Daytona product prior to version 0.185.0. It allows any authenticated user to subscribe to another organization's realtime notification channel via the notification WebSocket gateway, thereby passively receiving that organization's events. This flaw is fixed in version 0.185.0. The vulnerability has a CVSS score of 6.5, indicating medium severity, with high confidentiality impact but no integrity or availability impact.
CVE Database V5 | 06/23/2026, 18:07:23 UTC | Added: 06/23/2026, 18:09:41 UTC