Update: Adobe has released an additional patch to better protect against the threat identified in CVE-2022-24086. This threat is still considered critical and the new patch, CVE-2022-24087, should be applied ASAP.
Adobe announced a critical security vulnerability yesterday that affects both Magento 2.3 and 2.4. CVE-2022-24086 allows unauthenticated remote code execution (RCE), which gives the nefarious users control of your Magento site without gaining control of Admin. Fortunately, Adobe has already created a patch to address this significant vulnerability. If you’re running Magento 2.3.3-p1 through 2.3.7 or any version of Magento 2.4, you will need to deploy the patch immediately.
Security risks are always possible and can happen at any time. As one key component of our services, we stay up-to-date on all Magento related releases and security findings. Not only does that allow us to offer the latest features and perks available to you but also assures that we’re able to provide security patches immediately when a vulnerability arises.
We offer dedicated maintenance and support plans to ensure that your software is current and your website is performing optimally. Learn more about how we can help you keep your Magento site secure and running smoothly here.