CVE-2026-54321: Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. From 0.101.0
highvulnerability
security
Summary
Daytona is a platform for running code created by AI in a secure, isolated environment (sandbox). In versions 0.101.0 through 0.184.0, when sandbox previews were changed from public to private, they could still be accessed without a password for a short time because the system's cached record of who could see the sandbox was not updated.
Solution / Mitigation
Update to version 0.184.0, where this vulnerability is fixed.
Vulnerability Details
CVSS Score
7(high)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Attack Vector
network
Attack Complexity
high
Privileges Required
none
User Interaction
none
Disclosure Date
June 23, 2026
Classification
Attack Type
Other
Attack SophisticationTrivial
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-54321
First tracked: June 24, 2026 at 02:13 AM
Classified by LLM (prompt v3) · confidence: 85%