CVE-2026-54319: Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.1
Summary
Daytona is a platform that runs code generated by AI in a controlled environment (sandbox, which is an isolated space). Before version 0.186, it had a path-traversal vulnerability (a weakness where an attacker can use special character sequences like '../' to access files outside intended directories) that could let someone access files outside the intended storage volume directory by manipulating the volume reference sent to the runner.
Solution / Mitigation
This vulnerability is fixed in version 0.186. Users should upgrade to this version or later.
Vulnerability Details
4.2(medium)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
network
high
low
none
June 23, 2026
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-54319
First tracked: June 24, 2026 at 02:13 AM
Classified by LLM (prompt v3) · confidence: 85%