CVE-2026-54319
Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox: cross-tenant data access and host escape
| Metric | Value |
| --- | --- |
| CVSS Score | 4.2 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.186, a sandbox volume reference (volumeId, which may also be a volume name) was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing path-traversal sequences could in principle resolve the mount source outside the intended per-volume base directory. This vulnerability is fixed in 0.186.
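As an added illustration (not Daytona's own code), the snippet below places the unconfined pattern the advisory describes, a volume reference joined straight onto the host base directory, beside a confined replacement that allow-lists the reference and re-checks containment after resolution. The base directory, the id/name format and the sample references are assumptions.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// volumeRefPattern accepts a single path component of letters, digits, '-'
// and '_' (an assumed id/name format, not Daytona's own rule).
var volumeRefPattern = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$`)

// UnconfinedMountSource is the pattern the advisory describes: the reference
// is joined to the base directory and used as the bind-mount source as-is.
// filepath.Join only cleans ".." lexically, so a traversal reference still
// resolves outside baseDir.
func UnconfinedMountSource(baseDir, volumeRef string) string {
	return filepath.Join(baseDir, volumeRef)
}

// MountSourceForVolume is the hardened form: it accepts only a single safe
// path component and then re-checks that the resolved path stays strictly
// under baseDir, so a later relaxation of the allow-list cannot reopen traversal.
func MountSourceForVolume(baseDir, volumeRef string) (string, error) {
	if !volumeRefPattern.MatchString(volumeRef) {
		return "", fmt.Errorf("invalid volume reference %q", volumeRef)
	}
	base := filepath.Clean(baseDir)
	src := filepath.Join(base, volumeRef)
	// Rel yields "." or a path starting with ".." when src is not strictly
	// inside base; that catches both traversal and prefix-collision cases.
	rel, err := filepath.Rel(base, src)
	if err != nil || rel == "." || strings.HasPrefix(rel, "..") {
		return "", fmt.Errorf("volume reference %q resolves outside %q", volumeRef, base)
	}
	return src, nil
}

func main() {
	// Constructed samples: one legitimate id and two traversal-style references.
	base := "/var/lib/daytona/volumes" // assumed per-volume base directory
	for _, ref := range []string{"vol-7f3a", "../../etc", "x/../../secrets"} {
		src, err := MountSourceForVolume(base, ref)
		fmt.Printf("%-18q unconfined=%q confined=%q err=%v\n", ref, UnconfinedMountSource(base, ref), src, err)
	}
}
```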
| Field | Value |
| --- | --- |
| CWE | CWE-22, CWE-250, CWE-269 |
| Vendor | daytonaio |
| Product | daytona |
| Published | Jun 23, 2026 |
CVSS v3 Breakdown

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

| Metric | Value |
| --- | --- |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | Low |
| Availability | None |
Affected Versions

| Vendor / Product | Versions |
| --- | --- |
| daytonaio / daytona | < 0.186 |