Authentication Bypass in Daytona Infrastructure Runtime by DaytonAI
CVE-2026-54321

7HIGH

Key Information:

Vendor: Daytonaio
Status: Daytona
Vendor: CVE Published:; 23 June 2026

What is CVE-2026-54321?

The Daytona infrastructure runtime allows for AI-generated code execution, but prior to version 0.184.0, a flaw existed where sandbox previews switched from public to private could remain accessible without authentication for a limited time. This occurred due to the cached visibility state not being properly invalidated upon the visibility change, potentially exposing sensitive information to unauthorized users.

Affected Version(s)

daytona >= 0.101.0, < 0.184.0

References

https://github.com/daytonaio/daytona/security/advisories/...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2026
Vulnerability Reserved
Jun 12, 2026

CVE-2026-54321 Data

JSON

Daytonaio

What is CVE-2026-54321?

Affected Version(s)

References

CVSS V3.1

Timeline