Magento Commerce - RCE (CVE-2022-24086)

CVE-2022-24086 is a critical improper input validation vulnerability in Adobe Commerce (Magento Commerce) that affects the checkout process. This flaw allows remote attackers to execute arbitrary code on the server without requiring any user interaction, potentially leading to full system compromise and enabling a range of attacks such as data theft, site defacement, or malware deployment.

CrowdSec has been tracking this vulnerability and its exploits since 29th of October 2025.

CrowdSec network data shows that most actors exploiting CVE-2022-24086 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. In addition, according to the CrowdSec network, attack volume against CVE-2022-24086 has dipped slightly compared to the previous week. Although still commonly targeted, the decline suggests a cooling-off period. Long-term relevance remains, but attention is waning.

Attackers exploit the Adobe Commerce (Magento) checkout and payment API endpoints, particularly targeting /rest/default/V1/guest-carts/<entity_id>/shipping-information and /rest/default/V1/guest-carts/<entity_id>/payment-information, injecting malicious payloads in JSON fields to achieve remote code execution. These attempts often include suspicious template filter expressions or system command patterns within the firstname or lastname fields.