CVE-2026-54320: Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.1
highvulnerability
security
Summary
Daytona is a platform for running code created by AI in a secure way. Before version 0.184.0, there was a security flaw where someone could accept organization invitations without verifying their email address, potentially allowing an attacker to join an organization with high-level permissions by using a fake email account.
Solution / Mitigation
This vulnerability is fixed in version 0.184.0. Users should update Daytona to this version or later.
Vulnerability Details
CVSS Score
8.4(high)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Attack Vector
network
Attack Complexity
high
Privileges Required
low
User Interaction
none
Disclosure Date
June 23, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
integrityconfidentiality
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-54320
First tracked: June 24, 2026 at 02:13 AM
Classified by LLM (prompt v3) · confidence: 85%