CVE-2022-24086

CVE Database · CVE-2022-24086

CVE-2022-24086

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

99.20%

Published

Feb 16, 2022

Modified

Oct 23, 2025

CISA Known Exploited Vulnerability

Added: 2022-02-15 · Due: 2022-03-01

Apply updates per vendor instructions.

Public PoC / Exploit (10)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCMr-xn/CVE-2022-24086★35 GitHub PoCoK0mo/CVE-2022-24086-RCE-PoC★6 GitHub PoCpescepilota/CVE-2022-24086★6 GitHub PoCseymanurmutlu/CVE-2022-24086-CVE-2022-24087★2 GitHub PoCakr3ch/CVE-2022-24086★2 GitHub PoCnanaao/CVE-2022-24086-RCE★0 GitHub PoCNHPT/CVE-2022-24086-RCE★0 GitHub PoCBurpRoot/CVE-2022-24086★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-20

Affected Products (14)

adobe · commerce (up to 2.3.0)vulnerable

adobe · commercevulnerable

adobe · magento (up to 2.3.0)vulnerable

adobe · magentovulnerable

References (3)

https://helpx.adobe.com/security/products/magento/apsb22-12.html

PatchRelease NotesVendor Advisory

https://helpx.adobe.com/security/products/magento/apsb22-12.html

PatchRelease NotesVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24086

Third Party AdvisoryUS Government Resource

KEV Catalog EPSS Scores Vendors All CVEs