GHSA-fjv8-j4p5-cr9m

Suggest an improvement
Source
https://github.com/advisories/GHSA-fjv8-j4p5-cr9m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-fjv8-j4p5-cr9m/GHSA-fjv8-j4p5-cr9m.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-fjv8-j4p5-cr9m
Aliases
  • CVE-2026-54319
Published
2026-06-18T17:19:51Z
Modified
2026-06-18T17:30:15.883344118Z
Severity
  • 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
Details

Summary

A sandbox volume reference (volumeId, which may also be a volume name) was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing path-traversal sequences could in principle resolve the mount source outside the intended per-volume base directory.

Impact

Had the traversal been reachable, an authenticated user could have caused the runner to bind-mount an unintended host path into their sandbox, with a worst-case impact of read and write access to other tenants' volume data (per-volume FUSE mounts are world-readable and writable).

Important: this path was not exploitable in any released version. A volume reference is validated against the database before it reaches the runner, and the volume id column is a UUID type, so a reference containing traversal sequences is rejected at validation time and the request fails before any mount is constructed. We could not reproduce cross-tenant access or an out-of-base host mount on a released build; the observable effect of the documented payload was a server-side validation error. Severity is assessed as Medium on that basis.

Patches

Fixed in v0.186.0. Volume references are now resolved to the canonical volume UUID server-side before reaching the runner, so a name can never flow downstream as a path component, and the runner confines the mount source to the volume base directory and rejects any non-UUID reference.

Workarounds

Upgrade to v0.186.0 or later. No configuration workaround is required for released versions, which were not exploitable.

Credit

Reported by @vnth4nhnt from CyStack.

Database specific 
{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-20",
        "CWE-22",
        "CWE-250",
        "CWE-269"
    ],
    "github_reviewed_at": "2026-06-18T17:19:51Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
}
References

Affected packages

Go / github.com/daytonaio/daytona

Package

Name
github.com/daytonaio/daytona
View open source insights on deps.dev
Purl
pkg:golang/github.com/daytonaio/daytona

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.186.0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-fjv8-j4p5-cr9m/GHSA-fjv8-j4p5-cr9m.json"
last_known_affected_version_range 
"<= 0.185.0"