Security News > 2022 > February > Adobe fixes zero-day exploit in e-commerce code: update now!
Make sure that the site where Magento or Adobe Commerce is actually running has downloaded and applied Adobe's latest patches.
Adobe has released security updates for Adobe Commerce and Magento Open Source.
Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.
According to Adobe, it seems that any Adobe Commerce or Magento installation running a version later than 2.3.3 that hasn't received the latest patches is vulnerable.
Watch your statements carefully if you've shopped recently at a site driven by Magento or Adobe Commerce.
Keep your eyes open for follow-up information from Adobe that gives actionable details about CVE-2022-24086 and the attacks known to have exploited it.
News URL
Related news
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Zero-day exploits plague Ivanti Connect Secure appliances for second year running (source)
- Nominet probes network intrusion linked to Ivanti zero-day exploit (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-16 | CVE-2022-24086 | Improper Input Validation vulnerability in multiple products Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. | 0.0 |