Strix
26.1K

CVE-2026-54323

MEDIUMCVSS 5.9/10EPSS 0.12%

Last modified

CVE-2026-54323 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. EPSS estimates a 0.12% chance of exploitation in the next 30 days.

Description

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization header to the remote over a connection whose certificate was never validated, on both the go-git and native git CLI code paths. An attacker able to intercept clone traffic could present any TLS certificate, capture the Git credentials supplied for the clone, and serve tampered repository content into the sandbox. This vulnerability is fixed in 0.185.0.

Metrics

CVSS 3.1
5.9/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

EPSS Probability
0.12%

2.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

References

Timeline

Published
Last Modified
Status
Deferred

Frequently Asked Questions

What is CVE-2026-54323?
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization header to the remote over a connection whose certificate was never validated, on both the go-git and native git CLI code paths. An attacker able to intercept clone traffic could present any TLS certificate, capture the Git credentials supplied for the clone, and serve tampered repository content into the sandbox. This vulnerability is fixed in 0.185.0.
How severe is CVE-2026-54323?
CVE-2026-54323 has a CVSS score of 5.9/10 (MEDIUM severity). The EPSS model estimates a 0.12% probability of exploitation in the next 30 days.
How do I fix CVE-2026-54323?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-54323?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST