36 matches found
📄 DigitalOcean Droplet Agent Remote Command Execution
DigitalOcean Droplet Agent versions through 1.3.2 suffer from a remote command injection vulnerability via metadata poisoning and side-channel attacks. CVE-2026-24516-DigitalOcean-RCE. Technical analysis and PoC for CVE-2026-24516: Unauthenticated Root Remote Code Execution in DigitalOcean Drople...
SUSE CVE-2026-24516
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the actioner process. An attacker can execute arbitrary system commands by sending specially crafted requests to the metadata service endpoint. Remediation There is no fixed version for...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the actioner process. An attacker can execute arbitrary system commands by sending specially crafted requests to the metadata service endpoint. Remediation There is no fixed version for...
GO-2026-4854 DigitalOcean Droplet Agent: Command Injection via Metadata Service Endpoint in github.com/digitalocean/droplet-agent
DigitalOcean Droplet Agent: Command Injection via Metadata Service Endpoint in github.com/digitalocean/droplet-agent...
CVE-2026-24516
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...
DigitalOcean Droplet Agent: Command Injection via Metadata Service Endpoint
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...
EUVD-2026-14461
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...
GHSA-FH3M-562M-W4F6 DigitalOcean Droplet Agent: Command Injection via Metadata Service Endpoint
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...
CVE-2026-24516
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...
CVE-2026-24516
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...
CVE-2026-24516
DigitalOcean Droplet Agent (droplet-agent)
CVE-2026-24516
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...
CVE-2026-24516
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...
Droplet Agent 安全漏洞
Droplet Agent is an open-source tool developed by DigitalOcean for managing and monitoring DigitalOcean Droplets. Versions of Droplet Agent prior to 1.3.2 contain security vulnerabilities. These vulnerabilities stem from the fault diagnosis executor component failing to properly validate inputs...
Exploit for CVE-2026-24516
CVE-2026-24516-DigitalOcean-RCE Critical Pre-Auth Root RCE CV...
PT-2026-4632
Name of the Vulnerable Software and Affected Versions DigitalOcean Droplet Agent versions through 1.3.2 Description A command injection issue exists due to inadequate input validation when processing metadata from the metadata service endpoint. Specifically, the troubleshooting actioner component...
CVE-2022-50936
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...
CVE-2022-50936
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...
CVE-2022-50936 WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...