VYPR
High severity · NVD Advisory · Published Mar 23, 2026 · Updated Mar 24, 2026

CVE-2026-24516

Description

A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component (internal/troubleshooting/actioner/actioner.go) processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting array without adequate input validation. While the code validates that artifacts exist in the validInvestigationArtifacts map, it fails to sanitize the actual command content after the "command:" prefix. This allows an attacker who can control metadata responses to inject and execute arbitrary OS commands with root privileges. The attack is triggered by sending a TCP packet with specific sequence numbers to the SSH port, which causes the agent to fetch metadata from http://169.254.169.254/metadata/v1.json. The vulnerability affects the command execution flow in internal/troubleshooting/actioner/actioner.go (insufficient validation), internal/troubleshooting/command/exec.go (direct exec.CommandContext call), and internal/troubleshooting/command/command.go (command parsing without sanitization). This can lead to complete system compromise, data exfiltration, privilege escalation, and potential lateral movement across cloud infrastructure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Command injection in DigitalOcean Droplet Agent allows attackers to execute arbitrary OS commands with root privileges by sending a crafted TCP packet to the SSH port.

A command injection vulnerability exists in the DigitalOcean Droplet Agent through version 1.3.2. The troubleshooting actioner component (internal/troubleshooting/actioner/actioner.go) processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting array. While the code validates that artifact keys exist in the validInvestigationArtifacts map, it fails to sanitize the command content after the "command:" prefix, allowing injection of arbitrary OS commands [1][4].

To exploit, an attacker sends a TCP packet with specific sequence numbers to the SSH port of a droplet running the agent. This triggers the agent to fetch metadata from http://169.254.169.254/metadata/v1.json. If the attacker can control the metadata response (e.g., via ARP spoofing on the local network), they can inject malicious commands that are then executed with root privileges [1]. The vulnerability exists across multiple files: actioner.go (insufficient validation), internal/troubleshooting/command/exec.go (direct exec.CommandContext call), and internal/troubleshooting/command/command.go (command parsing without sanitization) [3][4].

Successful exploitation results in arbitrary command execution as root, enabling full system compromise, data exfiltration, privilege escalation, and potential lateral movement across cloud infrastructure [1]. The Droplet Agent is a daemon that runs on customer droplets to enable features like web console access, affecting numerous DigitalOcean users [2].

DigitalOcean has addressed this vulnerability in versions after 1.3.2. Users are strongly advised to update the Droplet Agent to the latest version. If immediate patching is not possible, network segmentation and strict monitoring of metadata service requests can serve as temporary mitigations.
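The description and narrative above both turn on the same defect: the "command:" prefix is checked, but the text after it is not. As an added illustration that is not the Droplet Agent's own code, the following hypothetical Go reconstruction places the flawed pattern next to a hardened one: the weak path hands the remainder to a shell unchanged, while the strict path accepts only an exact allowlist key bound to a fixed argv and calls exec.CommandContext without any shell. The allowlist contents, function names and timeout are assumptions.

```go
package main

import (
	"context"
	"errors"
	"os/exec"
	"strings"
	"time"
)

const commandPrefix = "command:"

// Hypothetical allowlist, not the agent's real validInvestigationArtifacts map.
// Each artifact key maps to a fixed argv, so metadata never supplies argv text.
var allowedArtifacts = map[string][]string{
	"processes": {"ps", "-eo", "pid,user,comm"},
	"disk":      {"df", "-h"},
	"uptime":    {"uptime"},
}

// weakResolve illustrates the flaw: the text after the prefix goes to a shell
// unchanged, so an entry like "command:uptime && id" runs both commands as root.
func weakResolve(entry string) []string {
	return []string{"sh", "-c", strings.TrimPrefix(entry, commandPrefix)}
}

// strictResolve maps one Requesting entry to argv only if the text after the
// prefix is exactly an allowlisted key; shell metacharacters never reach exec.
func strictResolve(entry string) ([]string, error) {
	if !strings.HasPrefix(entry, commandPrefix) {
		return nil, errors.New("not a command request")
	}
	argv, ok := allowedArtifacts[strings.TrimPrefix(entry, commandPrefix)]
	if !ok {
		return nil, errors.New("artifact not in allowlist")
	}
	return append([]string(nil), argv...), nil // copy so callers cannot alter the map
}

// runArtifact executes the resolved argv directly (no shell) under a timeout.
func runArtifact(entry string) ([]byte, error) {
	argv, err := strictResolve(entry)
	if err != nil {
		return nil, err
	}
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()
	return exec.CommandContext(ctx, argv[0], argv[1:]...).Output()
}
```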

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: github.com/digitalocean/droplet-agent (Go)
Affected versions: <= 0.0.0-20260107162243-1101ffcb5672
Patched versions: none listed

Affected products (1)

  • DigitalOcean/Droplet Agent

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (5)

News mentions (0)

No linked articles in our index yet.