CVE-2026-54323: Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.1
mediumvulnerability
security
Summary
Daytona, a tool for running AI-generated code safely, had a security flaw before version 0.185.0 where it didn't verify TLS certificates (the security credentials that prove a website is authentic) when cloning Git repositories (copying code from remote servers). This meant an attacker intercepting the connection could steal Git credentials (login information) and replace the real code with fake, harmful code.
Solution / Mitigation
This vulnerability is fixed in version 0.185.0.
Vulnerability Details
CVSS Score
5.9(medium)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
Attack Vector
network
Attack Complexity
high
Privileges Required
none
User Interaction
required
Disclosure Date
June 23, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-54323
First tracked: June 24, 2026 at 02:13 AM
Classified by LLM (prompt v3) · confidence: 85%