pkg:Go/github.com/daytonaio/daytona

All known vulnerabilities

• HIGH7.7CVE-2026-54322Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles
  from 0, < 0.185.0
• HIGH7.0CVE-2026-54321Daytona: Public sandbox previews remain accessible for up to one hour after being made private
  >= 0.101.0, < 0.184.0
• MEDIUM6.5CVE-2026-54324Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join
  from 0, < 0.185.0
• MEDIUM4.2Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
  from 0, < 0.186.0