{"data":{"id":"9ea7a4a4-b0e2-4df9-b7d9-251371dfc007","title":"CVE-2026-54322: Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.1","summary":"Daytona is a platform for running code created by AI systems in a secure way. Before version 0.185.0, it had a flaw where a user who owned any organization could change or delete roles (permission sets) from a completely different organization if they knew the role's ID, because the system didn't properly verify that the role belonged to the organization being modified.","solution":"This vulnerability is fixed in version 0.185.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-54322","publishedAt":"2026-06-23T19:17:08.370Z","cveId":"CVE-2026-54322","cweIds":["CWE-639","CWE-862"],"cvssScore":"7.7","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Daytona"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L","attackVector":"network","attackComplexity":"high","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-23T19:17:08.370Z","capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}