Home / Security updates / API credential exposure
API credential exposure
Security updates detail rendered from /security-updates/upd_d1f8d925e2d7717a.
Overview
| ID | upd_d1f8d925e2d7717a |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Daytona |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_d1f8d925e2d7717a |
| providerId | safebase |
| organizationId | org_1822268e5fe0e7aa |
| trustCenterId | tc_44ad2013ad21f1e5 |
| title | API credential exposure |
| message | **Title:** API credential exposure in sandboxes — patched, rotation required if affected **Category:** Security Advisory **Severity:** High **Status:** Resolved **Notify subscribers:** Yes --- On April 9, 2026, we patched a vulnerability that allowed API credentials passed via the Daytona CLI or SDK to be read from sandbox memory by anyone with shell access on the same sandbox. The fix was deployed and verified in every region the same day in under five hours from disclosure to full remediation. We have no evidence of exploitation. ### Am I affected? **Yes**, if you used the CLI or SDK to authenticate to a sandbox launched from the default snapshot (or a custom snapshot that still had sudo) at any point before April 9, 2026, 20:44 UTC. **No**, if your sandboxes only run on custom snapshots without sudo or root. ### What to do If you're in scope, rotate any API keys, service account keys, and CI/CD credentials that were used in the affected window. Rotation lives in the dashboar |
| url | - |
| publishedAt | 2026-04-14 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_1822268e5fe0e7aa",
"name": "Daytona",
"domains": [
"trust.daytona.io",
"daytona.io"
]
} |
| trust_center | {
"id": "tc_44ad2013ad21f1e5",
"name": "Daytona",
"url": "https://trust.daytona.io",
"host": "trust.daytona.io"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_d1f8d925e2d7717a",
"company": "/v1/companies/org_1822268e5fe0e7aa",
"trust_center": "/v1/trust-centers/tc_44ad2013ad21f1e5",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_d1f8d925e2d7717aJSON