GHSA-WW63-PV5X-VFC8

Vulnerability from github – Published: 2026-06-16 21:05 – Updated: 2026-06-16 21:05
VLAI
Summary
Daytona: Public sandbox previews remain accessible for up to one hour after being made private
Details

Summary

Sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed.

Impact

When a sandbox owner changed a preview from public to private, the preview proxy could continue serving unauthenticated requests to that sandbox's ordinary preview ports for a bounded period before the change took effect. Only sandboxes that had been made public and were later set back to private were affected, and only until the proxy's cached visibility state was refreshed. Terminal, toolbox, and recording-dashboard ports were never affected, as those always require authentication. The issue did not involve cross-tenant access, privilege escalation, or remote code execution.

Patches

Fixed in v0.184.0. Sandbox visibility changes now invalidate the proxy's cached preview state immediately, so revoking a public preview takes effect on the next request.

Workarounds

Upgrade to v0.184.0 or later. There is no configuration workaround for earlier versions.

Credit

Reported through Daytona's Vulnerability Disclosure Program by mrknightnidu(nidalkhan). Linkedin: https://www.linkedin.com/in/mrknight-nidu-031340328/

Severity
7.0 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.183.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/daytonaio/daytona"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.101.0"
            },
            {
              "fixed": "0.184.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54321"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-16T21:05:13Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nSandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox\u0027s visibility changed.\n\n### Impact\nWhen a sandbox owner changed a preview from public to private, the preview proxy could continue serving unauthenticated requests to that sandbox\u0027s ordinary preview ports for a bounded period before the change took effect. Only sandboxes that had been made public and were later set back to private were affected, and only until the proxy\u0027s cached visibility state was refreshed. Terminal, toolbox, and recording-dashboard ports were never affected, as those always require authentication. The issue did not involve cross-tenant access, privilege escalation, or remote code execution.\n\n### Patches\nFixed in v0.184.0. Sandbox visibility changes now invalidate the proxy\u0027s cached preview state immediately, so revoking a public preview takes effect on the next request.\n\n### Workarounds\nUpgrade to v0.184.0 or later. There is no configuration workaround for earlier versions.\n\n### Credit\nReported through Daytona\u0027s Vulnerability Disclosure Program by **mrknightnidu(nidalkhan)**.\n**Linkedin**: https://www.linkedin.com/in/mrknight-nidu-031340328/",
  "id": "GHSA-ww63-pv5x-vfc8",
  "modified": "2026-06-16T21:05:14Z",
  "published": "2026-06-16T21:05:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/daytonaio/daytona/security/advisories/GHSA-ww63-pv5x-vfc8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/daytonaio/daytona"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Daytona: Public sandbox previews remain accessible for up to one hour after being made private"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.