Description
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component (internal/troubleshooting/actioner/actioner.go) processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting array without adequate input validation. While the code validates that artifacts exist in the validInvestigationArtifacts map, it fails to sanitize the actual command content after the "command:" prefix. This allows an attacker who can control metadata responses to inject and execute arbitrary OS commands with root privileges. The attack is triggered by sending a TCP packet with specific sequence numbers to the SSH port, which causes the agent to fetch metadata from http://169.254.169.254/metadata/v1.json. The vulnerability affects the command execution flow in internal/troubleshooting/actioner/actioner.go (insufficient validation), internal/troubleshooting/command/exec.go (direct exec.CommandContext call), and internal/troubleshooting/command/command.go (command parsing without sanitization). This can lead to complete system compromise, data exfiltration, privilege escalation, and potential lateral movement across cloud infrastructure.
Published: 2026-03-23
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution
Action: Immediate Patch
AI Analysis

Impact

DigitalOcean’s Droplet Agent (through version 1.3.2) contains a command injection flaw in its troubleshooting actioner component. The agent pulls metadata from 169.254.169.254/metadata/v1.json, parses a 'TroubleshootingAgent.Requesting' array, and executes the command portions without sanitizing the payload. Because the agent runs the commands as root, an attacker who can influence the metadata response can inject arbitrary operating‑system commands and gain full system control. The weakness is an unvalidated command execution (CWE‑94).
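As an added illustration (not the agent's own code and not a fix published by DigitalOcean), the allow-list pattern that closes this class of bug: each "command:" request is only a lookup key into a fixed argv table, so no text from the metadata response ever reaches exec.CommandContext as a command or argument. The command names and map are hypothetical.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os/exec"
	"strings"
)

// Hypothetical allow-list (not the agent's validInvestigationArtifacts map):
// every runnable request maps to a fixed argv baked into the binary.
var allowedCommands = map[string][]string{
	"sshd-status":  {"systemctl", "status", "sshd", "--no-pager"},
	"listen-ports": {"ss", "-tlnp"},
}

const commandPrefix = "command:"

var ErrRejected = errors.New("request not in allow-list")

// ResolveRequest turns one entry of the Requesting array into an argv.
// Entries without the prefix, unknown keys, and keys carrying any extra
// text (arguments, whitespace, metacharacters) are all rejected, because
// the key must match a map entry exactly.
func ResolveRequest(entry string) ([]string, error) {
	if !strings.HasPrefix(entry, commandPrefix) {
		return nil, ErrRejected
	}
	key := strings.TrimPrefix(entry, commandPrefix)
	argv, ok := allowedCommands[key]
	if !ok {
		return nil, fmt.Errorf("%w: %q", ErrRejected, key)
	}
	// Return a copy so callers cannot mutate the allow-list.
	return append([]string(nil), argv...), nil
}

// RunRequest executes a resolved request without a shell: argv[0] is the
// program and the remaining elements are passed as literal arguments.
func RunRequest(ctx context.Context, entry string) ([]byte, error) {
	argv, err := ResolveRequest(entry)
	if err != nil {
		return nil, err
	}
	return exec.CommandContext(ctx, argv[0], argv[1:]...).CombinedOutput()
}

func main() {
	for _, e := range []string{"command:listen-ports", "command:listen-ports -a", "artifact:dmesg"} {
		argv, err := ResolveRequest(e)
		fmt.Printf("%-26q -> argv=%v err=%v\n", e, argv, err)
	}
}
```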

Affected Systems

The affected product is DigitalOcean Droplet Agent, version 1.3.2 and earlier. Any droplet running this agent is susceptible; newer releases beyond 1.3.2 are not currently known to be impacted.

Risk and Exploitability

The CVSS score is 8.8, representing a high‑severity vulnerability. The EPSS score is below 1%, indicating a low probability of exploitation in the wild, and it is not listed in CISA’s KEV catalog. Exploitation requires network access sufficient to modify the metadata service response and to send a specially crafted TCP packet to the droplet’s SSH port, which triggers the agent’s metadata retrieval. If those conditions are met, the attacker can execute arbitrary commands with root privileges, potentially leading to full system compromise, data exfiltration, and lateral movement across a cloud environment.

Generated by OpenCVE AI on March 24, 2026 at 15:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the DigitalOcean Droplet Agent to the latest version that fixes the vulnerability.
  • If an update is not immediately feasible, restrict the agent’s ability to query the cloud metadata service (for example, block outbound connections to 169.254.169.254).
  • After applying the fix or restriction, confirm the TroubleshootingAgent no longer executes arbitrary commands by reviewing logs and running a controlled test.

Advisories
Source | ID | Title
Github GHSA | GHSA-fh3m-562m-w4f6 | DigitalOcean Droplet Agent: Command Injection via Metadata Service Endpoint
History

Wed, 25 Mar 2026 15:00:00 +0000

Type | Values Removed | Values Added
Title | | Command Injection in DigitalOcean Droplet Agent Enables Remote Execution with Root Privileges

Tue, 24 Mar 2026 14:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-94
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
 | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 10:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Digitalocean; Digitalocean droplet Agent
Vendors & Products | | Digitalocean; Digitalocean droplet Agent

Mon, 23 Mar 2026 16:30:00 +0000

Type | Values Removed | Values Added
Description A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component (internal/troubleshooting/actioner/actioner.go) processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting array without adequate input validation. While the code validates that artifacts exist in the validInvestigationArtifacts map, it fails to sanitize the actual command content after the "command:" prefix. This allows an attacker who can control metadata responses to inject and execute arbitrary OS commands with root privileges. The attack is triggered by sending a TCP packet with specific sequence numbers to the SSH port, which causes the agent to fetch metadata from http://169.254.169.254/metadata/v1.json. The vulnerability affects the command execution flow in internal/troubleshooting/actioner/actioner.go (insufficient validation), internal/troubleshooting/command/exec.go (direct exec.CommandContext call), and internal/troubleshooting/command/command.go (command parsing without sanitization). This can lead to complete system compromise, data exfiltration, privilege escalation, and potential lateral movement across cloud infrastructure.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-24T13:36:35.705Z

Reserved: 2026-01-23T00:00:00.000Z

Link: CVE-2026-24516

Vulnrichment

Updated: 2026-03-24T13:36:21.596Z

NVD

Status : Awaiting Analysis

Published: 2026-03-23T17:16:37.863

Modified: 2026-03-24T15:54:09.400

Link: CVE-2026-24516

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:50:12Z

Weaknesses