Skip to main content

Daytona CVE-2026-54323

| EUVDEUVD-2026-38561 MEDIUM
Improper Certificate Validation (CWE-295)
2026-06-23 GitHub_M
5.9
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
vuln.today AI
5.9 MEDIUM

MITM prerequisite justifies AC:H; no attacker privileges needed (PR:N); clone must be triggered (UI:R); credentials fully exposed (C:H) but integrity impact is limited to tampered repo content (I:L).

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

2
Patch available
Jun 23, 2026 - 20:01 EUVD
Analysis Generated
Jun 23, 2026 - 18:35 vuln.today

DescriptionCVE.org

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization header to the remote over a connection whose certificate was never validated, on both the go-git and native git CLI code paths. An attacker able to intercept clone traffic could present any TLS certificate, capture the Git credentials supplied for the clone, and serve tampered repository content into the sandbox. This vulnerability is fixed in 0.185.0.

AnalysisAI

Git credential exposure in Daytona's daemon (all versions prior to 0.185.0) allows a network-positioned attacker to silently harvest HTTP Basic Authorization headers by exploiting a complete absence of TLS certificate validation on both the go-git and native git CLI clone code paths. An attacker with man-in-the-middle capability on clone traffic can present any fraudulent TLS certificate, capture the Git credentials supplied for the clone, and simultaneously inject tampered repository content into the execution sandbox - threatening both credential confidentiality and supply-chain integrity of AI-generated code workflows. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain MITM position on clone traffic
Delivery
Intercept outbound HTTPS clone request
Exploit
Present fraudulent TLS certificate (accepted due to disabled validation)
Execution
Capture HTTP Basic Authorization header with Git credentials
Persist
Optionally serve tampered repository content to Daytona sandbox
Impact
Reuse harvested credentials against upstream Git host

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to hold a man-in-the-middle network position on the path between the Daytona daemon and the target Git remote at the moment a git clone operation is initiated - this is the primary limiting factor captured by CVSS AC:H. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.1 score of 5.9 (Medium) with vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N accurately reflects the core tension here: the confidentiality impact is High (credentials fully exposed) and the vector is network-exploitable without attacker privileges, but the Attack Complexity is High because the attacker must first achieve a man-in-the-middle position on the network path between the Daytona daemon and the Git remote. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with control over a network segment between a Daytona deployment and its upstream Git remote - for example via ARP spoofing on a shared cloud VPC, a rogue Wi-Fi access point, or a compromised network device - terminates the HTTPS connection from the Daytona daemon, presents a self-signed or otherwise invalid TLS certificate, and relays the connection to the real Git server. Because certificate validation is disabled, the daemon proceeds normally, transmitting the HTTP Basic Authorization header containing the Git credential to the attacker. …
Remediation Upgrade Daytona to version 0.185.0 or later, which is the vendor-confirmed fix as documented in GitHub Security Advisory GHSA-375h-72g4-hc9c (https://github.com/daytonaio/daytona/security/advisories/GHSA-375h-72g4-hc9c). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54323 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy