Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join
Summary A cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification channel and passively receive that organization's events. Impact The notification gateway's JWT handshake joined a...