{"data":{"id":"30eb39af-d21a-48a6-9162-fd7ae1dd537e","title":"CVE-2026-54323: Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.1","summary":"Daytona, a tool for running AI-generated code safely, had a security flaw before version 0.185.0 where it didn't verify TLS certificates (the security credentials that prove a website is authentic) when cloning Git repositories (copying code from remote servers). This meant an attacker intercepting the connection could steal Git credentials (login information) and replace the real code with fake, harmful code.","solution":"This vulnerability is fixed in version 0.185.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-54323","publishedAt":"2026-06-23T18:18:09.017Z","cveId":"CVE-2026-54323","cweIds":["CWE-295"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Daytona"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N","attackVector":"network","attackComplexity":"high","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-23T18:18:09.017Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}