Summary
Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join
References
Related vulnerabilities
All Supply chain →- CRITICALGHSA-8FQ9-273G-6MRG
Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
- MEDIUMGHSA-4HPG-MP64-X7XQ
OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state
- HIGHGHSA-V2WW-5RH7-2H5V
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
- LOWGHSA-8J37-5W68-WJ2G
OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers
- HIGHGHSA-5CJ2-3JR2-5H77
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
- HIGHGHSA-HJWC-26PJ-V3PM
AgenticMail: Cross-agent task authorization bypass in AgenticMail API