Zero-Day Magento 2 RCE Bug Under Active Attack

Zero-Day Magento 2 RCE Bug Under Active Attack-01

The zero-day remote code-execution (RCE) interference on the Magento 2 and Adobe Commerce platforms has been severely exploited in the wild, says Adobe – prompting an emergency evacuation over the weekend.

The security risk violator (CVE-2022-24086) is a sensitive issue, allowing for pre-RCE verification from incorrect input validation. It scores 9.8 out of 10 on the CVSS risk rating, but there is one limiting factor: The attacker will need to have administrative rights to be successful.

It affects 2.3.7-p2 versions and earlier and 2.4.3-p1 and earlier for both eCommerce platforms, subject to advice.

Read More: