Description
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization header to the remote over a connection whose certificate was never validated, on both the go-git and native git CLI code paths. An attacker able to intercept clone traffic could present any TLS certificate, capture the Git credentials supplied for the clone, and serve tampered repository content into the sandbox. This vulnerability is fixed in 0.185.0.
Published: 2026-06-23
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Daytona, a secure and elastic infrastructure runtime for AI‑generated code execution and agent workflows, performs git clone operations. In versions before 0.185.0, the daemon’s implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization header to the remote host over a connection whose certificate was never validated, affecting both the go‑git and native git CLI code paths. An attacker able to intercept clone traffic can present any TLS certificate, capture the supplied Git credentials, and serve tampered repository content into the sandbox. This vulnerability is fixed in 0.185.0 and exposes credentials to an adversary capable of network eavesdropping.

Affected Systems

The vulnerability affects Daytona installations produced by DaytonaIO. All versions earlier than 0.185.0 are susceptible when performing git clone operations that include HTTP Basic credentials. Versions 0.185.0 and later contain the fix.

Risk and Exploitability

With a CVSS score of 5.9, the risk level is moderate. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, indicating limited observed exploitation. The likely attack vector is a man‑in‑the‑middle that intercepts clone traffic; no special privileges or additional conditions are required beyond the ability to observe the network to the Daytona daemon. Once credentials are captured, an attacker can gain unauthorized access to any repositories negotiated with those credentials and potentially upload malicious code into the sandbox environment.

Generated by OpenCVE AI on June 24, 2026 at 10:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Daytona to version 0.185.0 or later to enforce TLS verification.
  • Remove HTTP Basic credentials from git clone URLs; configure authentication via SSH keys or personal access tokens to prevent credentials being transmitted in clear text.
  • Apply network segmentation or firewall rules to limit access to the Daytona daemon only to trusted hosts, reducing the risk of man‑in‑the‑middle interception.

Generated by OpenCVE AI on June 24, 2026 at 10:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Daytonaio
Daytonaio daytona
Vendors & Products Daytonaio
Daytonaio daytona

Wed, 24 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization header to the remote over a connection whose certificate was never validated, on both the go-git and native git CLI code paths. An attacker able to intercept clone traffic could present any TLS certificate, capture the Git credentials supplied for the clone, and serve tampered repository content into the sandbox. This vulnerability is fixed in 0.185.0.
Title Daytona: Git credential leak via git clone with TLS verification disabled
Weaknesses CWE-295
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N'}


Subscriptions

Daytonaio Daytona
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-24T14:27:21.317Z

Reserved: 2026-06-12T18:42:02.223Z

Link: CVE-2026-54323

cve-icon Vulnrichment

Updated: 2026-06-24T14:27:14.658Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:05:56Z

Weaknesses
  • CWE-295

    Improper Certificate Validation