{"data":{"id":"c4a7f188-2382-4359-b6b2-a0fad7e3e615","title":"CVE-2026-54319: Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.1","summary":"Daytona is a platform that runs code generated by AI in a controlled environment (sandbox, which is an isolated space). Before version 0.186, it had a path-traversal vulnerability (a weakness where an attacker can use special character sequences like '../' to access files outside intended directories) that could let someone access files outside the intended storage volume directory by manipulating the volume reference sent to the runner.","solution":"This vulnerability is fixed in version 0.186. Users should upgrade to this version or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-54319","publishedAt":"2026-06-23T19:17:07.810Z","cveId":"CVE-2026-54319","cweIds":["CWE-22","CWE-250","CWE-269"],"cvssScore":"4.2","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Daytona"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","attackVector":"network","attackComplexity":"high","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-23T19:17:07.810Z","capecIds":["CAPEC-122","CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}