What is CVE-2026-54321?

CVE-2026-54321 is a high-severity vulnerability in Daytonaio Daytona, classified under Insufficient Session Expiration. CVSS score: 7.0/10. Published 2026-06-23.

How severe is CVE-2026-54321?

High severity. CVSS v3 base score is 7.0 out of 10.

Auth bypass in Daytonaio Daytona

CVE-2026-54321

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0 until 0.184.0, sandbox previews that were switched from public to private could remain reachable without authenticatio…

CVSS v3 metric

CVSS v3 base score 7.0 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L.

Affected products

Daytonaio Daytona — versions >= 0.101.0, < 0.184.0

Weakness classification (CWE)

CWE-613 — Insufficient Session Expiration
CWE-863 — Incorrect Authorization

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-54321?: CVE-2026-54321 is a high-severity vulnerability in Daytonaio Daytona, classified under Insufficient Session Expiration. CVSS score: 7.0/10. Published 2026-06-23.
How severe is CVE-2026-54321?: High severity. CVSS v3 base score is 7.0 out of 10.