Trust Center

Welcome to Daytona's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Documents

Featured Documents

Policies: Information Security Policy
Trust Center Updates

CVE-2026-31431 ("Copy Fail")

Vulnerabilities

Title: CVE-2026-31431 ("Copy Fail") — Linux kernel page cache write primitive, fully remediated

Category: Security Advisory
Severity: High
Status: Resolved
Notify subscribers: Yes


On April 29, 2026, a Linux kernel vulnerability (CVE-2026-31431, "Copy Fail") was publicly disclosed in the authencesn AEAD cryptographic template, reachable from userspace via the AF_ALG socket interface (algif_aead). The flaw allows an unprivileged process to perform a deterministic, controlled write into the kernel page cache without modifying anything on disk. On multi-tenant hosts, this creates a theoretical path for one sandbox to corrupt cached file content visible to co-tenant sandboxes. All Daytona infrastructure was fully remediated within 12 hours of disclosure. We have no evidence of exploitation, and the Sysbox runtime isolation boundary was not breached.

Am I affected?

No action is required. Daytona infrastructure is fully remediated across all regions.

Yes, your environment was in scope for the mitigation if you were running sandboxes on Daytona between April 29 and April 30, 2026 — but remediation was applied automatically without customer action.

What we did

  1. Patched the Linux kernel where available.
  2. Blacklisted the algif_aead module on hosts as an immediate, defense-in-depth mitigation.
  3. Rotated all API credentials associated with runner infrastructure as a precaution.
  4. Paused all new user and organization signups during the active response window; signups have since resumed.
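
One way to check a host for the kind of module mitigation named in step 2, as an added example that is not Daytona's own tooling. The function names, the modprobe.d-style directory layout and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Daytona's tooling): audit modprobe.d-style config for a
# module block. Per modprobe.d(5), "blacklist" only makes modprobe ignore the
# module's internal aliases, while "install <mod> /bin/false" replaces the
# load command itself, so the two are reported separately.

# module_block_state MODULE DIR...  -> prints install | blacklist | none
module_block_state() {
    mod=$1; shift
    for d in "$@"; do cat "$d"/*.conf 2>/dev/null; done | awk -v m="$mod" '
        { sub(/#.*/, ""); name = $2; gsub(/-/, "_", name) }  # drop comments
        name != m { next }
        $1 == "blacklist" { b = 1 }
        $1 == "install" && $3 ~ /\/(false|true)$/ { i = 1 }
        END { print (i ? "install" : (b ? "blacklist" : "none")) }'
}

# module_loaded MODULE [FILE]  -> exit 0 if MODULE is listed (default /proc/modules)
module_loaded() {
    awk -v m="$1" '$1 == m { f = 1 } END { exit !f }' "${2:-/proc/modules}"
}

# Constructed sample data, so the script runs offline on any machine.
tmp=$(mktemp -d)
mkdir "$tmp/weak" "$tmp/strong"
printf 'blacklist algif_aead\n' > "$tmp/weak/crypto.conf"
printf '# constructed\nblacklist algif_aead\ninstall algif-aead /bin/false\n' \
    > "$tmp/strong/crypto.conf"
printf 'af_alg 32768 1 algif_aead, Live 0x0\nalgif_aead 16384 0 - Live 0x0\n' \
    > "$tmp/proc_modules"

for c in weak strong; do
    echo "$c: $(module_block_state algif_aead "$tmp/$c")"
done
if module_loaded algif_aead "$tmp/proc_modules"; then
    echo "algif_aead is loaded in the sample; a config change alone does not unload it"
fi
```

On a real host, pass the configuration directories in use (for example /etc/modprobe.d) and call module_loaded with no file argument so it reads /proc/modules.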

More

Full write-up: https://www.daytona.io/dotfiles/updates/security-update-cve-2026-31431-copy-fail
Questions: security@daytona.io

API credential exposure

Vulnerabilities

Title: API credential exposure in sandboxes — patched, rotation required if affected

Category: Security Advisory
Severity: High
Status: Resolved
Notify subscribers: Yes


On April 9, 2026, we patched a vulnerability that allowed API credentials passed via the Daytona CLI or SDK to be read from sandbox memory by anyone with shell access on the same sandbox. The fix was deployed and verified in every region the same day, in under five hours from disclosure to full remediation. We have no evidence of exploitation.

Am I affected?

Yes, if you used the CLI or SDK to authenticate to a sandbox launched from the default snapshot (or a custom snapshot that still had sudo) at any point before April 9, 2026, 20:44 UTC.

No, if your sandboxes only run on custom snapshots without sudo or root.

What to do

If you're in scope, rotate any API keys, service account keys, and CI/CD credentials that were used in the affected window. Rotation lives in the dashboard under Settings → API Keys.

Then review your audit logs for that same window for any sandbox operations, key usage, or admin actions you can't attribute to a known source. If anything looks off, email security@daytona.io.

A successful exploit would look identical to normal API traffic in our logs, so we can't prove a clean negative. Please treat rotation as required, not precautionary.

More

Full write-up: Security Advisory: API Credential Exposure in Sandboxes
Questions: security@daytona.io
