CVE-2026-54324: Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.1
mediumvulnerability
security
Summary
Daytona is a platform that runs code generated by AI safely and efficiently. Before version 0.185.0, it had a cross-tenant authorization flaw (a security problem where access controls between separate organizations failed), which let any logged-in user listen to another organization's real-time notifications and see their events without permission.
Solution / Mitigation
This vulnerability is fixed in version 0.185.0.
Vulnerability Details
CVSS Score
6.5(medium)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
network
Attack Complexity
low
Privileges Required
low
User Interaction
none
Disclosure Date
June 23, 2026
Classification
Attack Type
Other
Attack SophisticationTrivial
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-54324
First tracked: June 24, 2026 at 02:13 AM
Classified by LLM (prompt v3) · confidence: 85%