Vulnerabilidades em daytonaio
6 resultadosCVE-2026-54324MEDIUMDaytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId joinEPSS 0.3%CVE-2026-54321HIGHDaytona: Public sandbox previews remain accessible for up to one hour after being made privateEPSS 0.2%CVE-2026-54320HIGHDaytona: Cross-tenant organization takeover via invitation acceptance with an unverified emailEPSS 0.2%CVE-2026-54322HIGHDaytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's rolesEPSS 0.2%CVE-2026-54319MEDIUMDaytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escapeEPSS 0.2%CVE-2026-54323MEDIUMDaytona: Git credential leak via git clone with TLS verification disabledEPSS 0.1%