VYPR
High severity (7.7) · GHSA Advisory · Published Jun 16, 2026 · Updated Jun 16, 2026

Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles

CVE-2026-54322

Description

Daytona's role update/delete endpoints lack cross-organization verification, allowing any org owner to modify or delete roles in another organization using the role's ID.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

Daytona's organization role update and delete endpoints, in all versions up to and including 0.184.0, authorize the caller as an owner of the organization named in the request path, but then resolve and mutate the target role solely by its identifier (role_id) without checking that the role belongs to that organization [1]. The ownership check and the object lookup are keyed on two different inputs, the path's organization and the request's role_id, and nothing ties them together, so the check passes for the attacker's own organization while the mutation lands on a role in someone else's. This authorization bypass is a cross-tenant insecure direct object reference (IDOR) present in the managed Daytona platform and in any multi-tenant self-hosted deployment.

Exploitation

An authenticated user who owns at least one organization (organizations are self-service) can exploit this by crafting a request to the role update or delete endpoint with their own organization in the path, but providing a victim role's identifier as the target. The attacker must know the target role's identifier; this identifier is not enumerable across organizations and is not exposed to non-members via the API, reducing but not eliminating the attack surface [1].

Impact

Successful exploitation allows the attacker to overwrite the victim role's name and permission set (escalating or stripping privileges for every member and API key in the victim organization that holds that role) or delete the role entirely, removing all associated permissions. The update response also returns the victim role's current permission set, providing limited information disclosure [1].

Mitigation

The vulnerability is fixed in Daytona version 0.185.0, released alongside the advisory [1]. The role update, delete, and role-assignment lookups are now scoped to the caller's organization; any role identifier that does not belong to the requester's organization resolves as "not found" before any read or mutation. The managed Daytona platform was updated upon release of 0.185.0. No workarounds are available; single-organization self-hosted deployments are not exploitable because the bug requires a second organization to target [1].
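The Vulnerability, Exploitation and Mitigation passages above describe a handler whose ownership check and object lookup disagree, the request that abuses it, and the scoped lookup that closes it. The following is an added example written for this page, not Daytona's source code: an in-memory role store, a handler in the vulnerable shape the advisory describes beside one in the fixed shape, and the cross-organization request from the Exploitation section run against both. All names (org-A, org-B, role-B1, the ORG_OWNERS table, the handler functions) and the data layout are assumptions for illustration.

```typescript
// Added example for this advisory page; not Daytona's code. Models the
// cross-org role IDOR with an in-memory store and two handler variants.

type Role = {
  id: string;
  organizationId: string;
  name: string;
  permissions: string[];
};

type RolePatch = Partial<Pick<Role, "name" | "permissions">>;

// Constructed sample data (assumption): the attacker owns org-A, the victim
// organization is org-B, and the victim role's id is role-B1.
const ORG_OWNERS: Record<string, string[]> = {
  "org-A": ["attacker"],
  "org-B": ["victim-owner"],
};

function freshRoles(): Map<string, Role> {
  return new Map<string, Role>([
    ["role-A1", { id: "role-A1", organizationId: "org-A", name: "developer", permissions: ["read:workspaces"] }],
    ["role-B1", { id: "role-B1", organizationId: "org-B", name: "admin", permissions: ["read:workspaces", "write:workspaces"] }],
  ]);
}

// The check both variants share: is the caller an owner of the org in the path?
function assertOrgOwner(callerId: string, pathOrgId: string): void {
  if (!(ORG_OWNERS[pathOrgId] ?? []).includes(callerId)) throw new Error("forbidden");
}

type UpdateHandler = (roles: Map<string, Role>, callerId: string, pathOrgId: string, roleId: string, patch: RolePatch) => Role;

// Vulnerable shape (as the advisory describes it, not the real implementation):
// ownership is checked against the path organization, but the role is fetched
// by id alone, so a role from any organization is reachable and gets mutated.
const updateRoleUnscoped: UpdateHandler = (roles, callerId, pathOrgId, roleId, patch) => {
  assertOrgOwner(callerId, pathOrgId);
  const role = roles.get(roleId);
  if (!role) throw new Error("not found");
  Object.assign(role, patch);
  return role; // response echoes the (possibly foreign) role's permission set
};

// Fixed shape: the lookup is scoped to the path organization. A foreign id is
// indistinguishable from a nonexistent one, and nothing is read or written.
function resolveRoleScoped(roles: Map<string, Role>, pathOrgId: string, roleId: string): Role {
  const role = roles.get(roleId);
  if (!role || role.organizationId !== pathOrgId) throw new Error("not found");
  return role;
}

const updateRoleScoped: UpdateHandler = (roles, callerId, pathOrgId, roleId, patch) => {
  assertOrgOwner(callerId, pathOrgId);
  const role = resolveRoleScoped(roles, pathOrgId, roleId);
  Object.assign(role, patch);
  return role;
};

// Delete uses the same scoped resolution, so the fix covers both endpoints.
function deleteRoleScoped(roles: Map<string, Role>, callerId: string, pathOrgId: string, roleId: string): void {
  assertOrgOwner(callerId, pathOrgId);
  const role = resolveRoleScoped(roles, pathOrgId, roleId);
  roles.delete(role.id);
}

// The request from the Exploitation section: the attacker's own organization in
// the path, the victim's role id as the target, and a patch that strips every
// permission. Reports the outcome and the victim role's state afterwards.
function attemptCrossOrgUpdate(handler: UpdateHandler): { outcome: string; victimPermissions: string[] } {
  const roles = freshRoles();
  let outcome: string;
  try {
    handler(roles, "attacker", "org-A", "role-B1", { permissions: [] });
    outcome = "mutated";
  } catch (e) {
    outcome = (e as Error).message;
  }
  const victim = roles.get("role-B1");
  return { outcome, victimPermissions: victim ? victim.permissions : [] };
}

// Same request against the delete endpoint, fixed variant only.
function attemptCrossOrgDelete(): { outcome: string; victimStillExists: boolean } {
  const roles = freshRoles();
  let outcome: string;
  try {
    deleteRoleScoped(roles, "attacker", "org-A", "role-B1");
    outcome = "deleted";
  } catch (e) {
    outcome = (e as Error).message;
  }
  return { outcome, victimStillExists: roles.has("role-B1") };
}
```

The point to take from the two update handlers is that the fix is not an extra permission check on the caller; the caller already passes that check for their own organization. The fix is to make the organization part of the key used to load the object, so the authorization decision and the data access refer to the same tenant. Returning "not found" rather than "forbidden" for a foreign id also avoids confirming that the id exists, which matters here because the advisory notes role ids are not otherwise exposed to non-members.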

AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

No source-code context for this CVE. The mechanics section is only generated when the actual fix diff can be read; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 2

News mentions: 0 (no linked articles in our index yet)