CVE-2022-24086 is a critical zero-day vulnerability affecting the Adobe Commerce and Magento Open Source products.
The vulnerability, which has a CVSS score of 9.8 out of 10, is being actively exploited in the wild in limited attacks. Fortunately, a patch is already available and should be applied immediately to prevent remote code execution attacks.
More about CVE-2022-24086
Adobe just released a security update to fix a zero-day flaw in its Commerce and Magento Open Source platforms. The flaw is caused by improper input validation and could lead to remote code execution. A successful exploit of CVE-2022-24086 would let threat actors execute commands remotely on affected hosts.
The zero-day issue affects versions 2.4.3-p1 and earlier, as well as 2.3.7-p2 and earlier of the Adobe Commerce and Magento Open Source platforms.
Administrators of the affected products should install the latest security updates as soon as possible.
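To find stores that need the update, the version ranges listed above can be checked against each installation's composer.lock. The following is an added example, not code from Adobe or from this article; the sample lock data is constructed, and treating release lines older than 2.3 as "earlier" is an assumption.

```python
import json
import re

# Highest affected release per line, as listed in the article: (patch, -pN).
AFFECTED_MAX = {(2, 4): (3, 1), (2, 3): (7, 2)}
# Composer metapackages that carry the installed product version.
PRODUCT_PACKAGES = {
    "magento/product-community-edition",
    "magento/product-enterprise-edition",
}
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse_version(text):
    """Split '2.4.3-p1' into (2, 4, 3, 1); a missing -pN suffix counts as 0."""
    match = VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def in_affected_range(version):
    major, minor, patch, security = parse_version(version)
    bound = AFFECTED_MAX.get((major, minor))
    if bound is None:
        # Assumption: release lines older than 2.3 are read as "earlier".
        return (major, minor) < (2, 3)
    return (patch, security) <= bound


def check_lock(lock_text):
    """Return (package, version, in_range) for each product metapackage."""
    packages = json.loads(lock_text).get("packages", [])
    return [
        (pkg["name"], pkg["version"], in_affected_range(pkg["version"]))
        for pkg in packages
        if pkg.get("name") in PRODUCT_PACKAGES
    ]


# Constructed sample, trimmed to the fields the check reads.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "magento/framework", "version": "103.0.3-p1"},
    {"name": "magento/product-community-edition", "version": "2.4.3-p1"},
]})

if __name__ == "__main__":
    for name, version, hit in check_lock(SAMPLE_LOCK):
        print(f"{name} {version}: {'in affected range' if hit else 'outside listed range'}")
```

A result of True means the installed version falls in the range the article lists; it does not show whether the security update has already been applied.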