Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded yesterday3 views

CVE-2026-54322

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the targe...

7.7CVSS0.00028EPSS
Exploits0References1
NVD
NVDadded yesterday5 views

CVE-2026-54324

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification...

6.5CVSS
Exploits0References1
Cvelist
Cvelistadded yesterday7 views

CVE-2026-54322 Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the targe...

7.7CVSS0.00028EPSS
Exploits0References1
EUVD
EUVDadded yesterday3 views

EUVD-2026-38563

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the targe...

7.7CVSS6.3AI score0.00028EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded yesterday2 views

CVE-2026-54322

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the targe...

7.7CVSS6.3AI score0.00028EPSS
Exploits0References2Affected Software1
CVE
CVEadded yesterday10 views

CVE-2026-54322

The CVE-2026-54322 issue affects Daytona prior to 0.185.0, where organization role update/delete endpoints granted access based on the caller’s ownership of an org but validated the target role only by its identifier, not by org ownership. This cross-org IDOR lets an authenticated user who owns a...

7.7CVSS6.3AI score0.00028EPSS
Exploits0References1
CVE
CVEadded yesterday15 views

CVE-2026-54324

CVE-2026-54324 affects Daytona API service (NestJS) used in Daytona’s notification WebSocket gateway. The cross-tenant flaw allowed any authenticated user to join another organization’s realtime channel by binding a client-supplied organization ID to the corresponding room without verifying membe...

6.5CVSS6.3AI score
Exploits0References1
Github Security Blog
Github Security Blogadded 2026/06/16 9:30 p.m.7 views

Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles

Summary Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the target role by its identifier alone, without verifying the role belonged to that organization. An authenticated user who ow...

7.7CVSS5.3AI score0.00028EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder