Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component (internal/troubleshooting/actioner/actioner.go) processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting array without adequate input validation. While the code validates that artifacts exist in the validInvestigationArtifacts map, it fails to sanitize the actual command content after the "command:" prefix. This allows an attacker who can control metadata responses to inject and execute arbitrary OS commands with root privileges. The attack is triggered by sending a TCP packet with specific sequence numbers to the SSH port, which causes the agent to fetch metadata from http://169.254.169.254/metadata/v1.json. The vulnerability affects the command execution flow in internal/troubleshooting/actioner/actioner.go (insufficient validation), internal/troubleshooting/command/exec.go (direct exec.CommandContext call), and internal/troubleshooting/command/command.go (command parsing without sanitization). This can lead to complete system compromise, data exfiltration, privilege escalation, and potential lateral movement across cloud infrastructure.
AnalysisAI
A critical command injection vulnerability exists in DigitalOcean Droplet Agent through version 1.3.2, where the troubleshooting actioner component processes metadata from the metadata service endpoint without adequate input validation, allowing attackers who can control metadata responses to inject and execute arbitrary OS commands with root privileges. An attacker can trigger the vulnerability by sending a TCP packet with specific sequence numbers to the SSH port, causing the agent to fetch and execute malicious commands from the metadata service, potentially leading to complete system compromise, data exfiltration, and lateral movement across cloud infrastructure. A public proof-of-concept exists at https://github.com/poxsky/CVE-2026-24516-DigitalOcean-RCE, indicating active research and potential exploitation risk.
Technical ContextAI
The vulnerability resides in the DigitalOcean Droplet Agent, a privileged system service running on cloud instances that fetches configuration and troubleshooting directives from the metadata service endpoint at http://169.254.169.254/metadata/v1.json. The root cause is classified as inadequate input validation and command injection (CWE-78: Improper Neutralization of Special Elements used in an OS Command). The affected code spans three components: internal/troubleshooting/actioner/actioner.go (processes metadata without sanitizing command content after the 'command:' prefix), internal/troubleshooting/command/exec.go (directly executes commands via exec.CommandContext without prior sanitization), and internal/troubleshooting/command/command.go (parses commands without proper escaping or validation). The vulnerability is triggered when a TCP packet with specific sequence numbers is sent to the SSH port, which causes the agent to interpret the request as legitimate and fetch metadata containing malicious command directives that are subsequently executed in the context of the root-privileged process.
RemediationAI
Upgrade DigitalOcean Droplet Agent to the patched version immediately once available from DigitalOcean (check https://github.com/digitalocean/droplet-agent for release notes and security advisories). Until a patch is available, implement network-level mitigations by restricting or monitoring access to the metadata service endpoint (169.254.169.254) at the instance firewall level if operationally feasible, and ensure that only legitimate system components can trigger metadata service calls. Additionally, consider implementing host-based intrusion detection to monitor for suspicious command execution patterns originating from the Droplet Agent process, and review cloud infrastructure network segmentation to limit the blast radius of a compromised Droplet Agent. Apply the patch as soon as it is released, as this vulnerability allows unauthenticated remote code execution with root privileges on affected instances.
Same weakness CWE-94 – Code Injection
View allSame technique Command Injection
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14461
GHSA-fh3m-562m-w4f6