Magento News

Emergency patch for Magento 2

Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution.

Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.

Affected Versions

Magento Open Source
2.4.3-p1 and earlier versions
2.3.7-p2 and earlier versions

Adobe Commerce 2.3.3 and lower are not affected.


Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.

Release Notes

Vulnerability details

Vulnerability Category Vulnerability Impact Severity Pre-authentication? Admin privileges required? CVSS base score CVSS vector Magento Bug ID CVE number(s)
Improper Input Validation (CWE-20) Arbitrary Code Execution Critical yes no 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H PRODSECBUG-3118 CVE-2022-24086