
Emergency patch for Magento 2

Summary
Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution.

Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.

Affected Versions

Magento Open Source
2.4.3-p1 and earlier versions
2.3.7-p2 and earlier versions

Adobe Commerce 2.3.3 and lower are not affected.
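The affected-version ranges above are the first thing a merchant has to check. The following triage helper is an added example, not code from Adobe or the Magento project: it parses Magento's version strings (including the `-pN` patch suffix) and classifies an installed version against the ranges the advisory lists. It assumes that "and earlier" means everything in the same minor branch up to and including the named release, that the "2.3.3 and lower" exclusion applies to Adobe Commerce as stated (for Magento Open Source it follows the listing literally), and that `bin/magento --version` prints a line of the form `Magento CLI <version>`; the sample CLI line is constructed.

```python
import re
from typing import Tuple

# Version key: "2.4.3" -> (2, 4, 3, 0); "2.4.3-p1" -> (2, 4, 3, 1).
# The fourth element is the -pN patch level, so 2.4.3-p1 sorts after 2.4.3.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn a Magento version string into a comparable tuple."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Magento version string: {version!r}")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


# Upper bounds from the advisory: "2.4.3-p1 and earlier", "2.3.7-p2 and earlier".
AFFECTED_UPPER = {
    (2, 4): parse_version("2.4.3-p1"),
    (2, 3): parse_version("2.3.7-p2"),
}

# The advisory states Adobe Commerce 2.3.3 and lower are not affected.
# A 2.3.3-pN release sorts above 2.3.3 here, so it is still flagged (conservative).
COMMERCE_NOT_AFFECTED_UPTO = parse_version("2.3.3")


def patch_status(version: str, product: str = "open-source") -> str:
    """Return AFFECTED, NOT_AFFECTED, or NOT_LISTED for a version.

    product is "open-source" (Magento Open Source) or "commerce" (Adobe Commerce).
    Branches the advisory does not mention (e.g. 2.2.x) are reported as NOT_LISTED
    rather than guessed either way.
    """
    if product not in ("open-source", "commerce"):
        raise ValueError(f"unknown product: {product!r}")
    v = parse_version(version)
    branch = (v[0], v[1])
    if branch not in AFFECTED_UPPER:
        return "NOT_LISTED"
    if product == "commerce" and v <= COMMERCE_NOT_AFFECTED_UPTO:
        return "NOT_AFFECTED"
    return "AFFECTED" if v <= AFFECTED_UPPER[branch] else "NOT_AFFECTED"


def version_from_cli_output(line: str) -> str:
    """Extract the version from a 'Magento CLI <version>' line.

    Assumption: this is the format printed by `bin/magento --version`.
    """
    m = re.search(r"(\d+\.\d+\.\d+(?:-p\d+)?)", line)
    if not m:
        raise ValueError(f"no version found in: {line!r}")
    return m.group(1)


if __name__ == "__main__":
    # Constructed sample output from `bin/magento --version` on one host.
    sample_cli_line = "Magento CLI 2.4.3-p1"
    installed = version_from_cli_output(sample_cli_line)
    print(f"{installed}: {patch_status(installed)}")

    # Constructed fleet inventory: (hostname, product, version).
    inventory = [
        ("shop-01", "open-source", "2.4.3-p1"),
        ("shop-02", "open-source", "2.4.3-p2"),
        ("shop-03", "commerce", "2.3.3"),
        ("shop-04", "commerce", "2.3.7-p2"),
        ("legacy-01", "open-source", "2.2.11"),
    ]
    for host, product, ver in inventory:
        print(f"{host:10} {product:12} {ver:10} {patch_status(ver, product)}")
```

Run it against the version each deployment actually reports; anything that comes back AFFECTED should be patched, and NOT_LISTED entries need a manual check against the vendor's notes rather than being assumed safe.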

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.

Release Notes

Vulnerability details

Vulnerability Category: Improper Input Validation (CWE-20)
Vulnerability Impact: Arbitrary Code Execution
Severity: Critical
Pre-authentication?: yes
Admin privileges required?: no
CVSS base score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Magento Bug ID: PRODSECBUG-3118
CVE number(s): CVE-2022-24086