CVE-2022-24086 is a critical, zero-day security vulnerability affecting Adobe’s Commerce and Magento open-source products.
The vulnerability, which has a CVSS score of 9.8 out of 10, is actively exploited in the wild in limited attacks. Fortunately, a patch is already available and should be applied immediately to avoid remote code execution attacks.
More about CVE-2022-24086
Adobe just released a security update to fix a zero-day flaw in its Commerce and Magento Open Source platforms. The flaw itself is caused by improper input validation, and could cause remote code execution. In case of a successful exploit based on CVE-2022-24086, threat actors could execute remote commands on affected hosts.
The zero-day issue affects versions 2.4.3-p1 and earlier, as well as 2.3.7-p2 and earlier of the Adobe Commerce and Magento Open Source platforms.
Administrators of the affected products should install the latest security updates as soon as possible.