{"data":{"id":"2baad874-5ba2-4d8c-b943-fcd7d8808087","title":"CVE-2026-54320: Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.1","summary":"Daytona is a platform for running code created by AI in a secure way. Before version 0.184.0, there was a security flaw where someone could accept organization invitations without verifying their email address, potentially allowing an attacker to join an organization with high-level permissions by using a fake email account.","solution":"This vulnerability is fixed in version 0.184.0. Users should update Daytona to this version or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-54320","publishedAt":"2026-06-23T19:17:07.993Z","cveId":"CVE-2026-54320","cweIds":["CWE-287","CWE-863"],"cvssScore":"8.4","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Daytona"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L","attackVector":"network","attackComplexity":"high","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-23T19:17:07.993Z","capecIds":["CAPEC-114","CAPEC-122"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}