CVE Catalog

CVE-2026-54319

MediumCVSS 4.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

In versions prior to 0.186, Daytona's sandbox volume reference (volumeId) was forwarded to the runner, potentially allowing unauthorized access to paths outside the intended base directory. The use of path-traversal sequences could enable the construction of the host bind-mount source path without proper confinement.

Risk Assessment

Organizations may be exposed to unauthorized access to data or resources, leading to serious security breaches. Potential exploitation of this vulnerability could result in loss of data confidentiality.

Recommendation

It is recommended to upgrade to version 0.186 or later to mitigate this vulnerability. Additionally, conducting an audit of existing configurations to identify potential threats is advised.

Original NVD description (English source)

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.186, a sandbox volume reference (volumeId, which may also be a volume name) was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing path-traversal sequences could in principle resolve the mount source outside the intended per-volume base directory. This vulnerability is fixed in 0.186.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS