CVE-2022-24086

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 2 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

93.74%

probability

This CVE has a 93.74% probability of being exploited in the next 30 days.

0% Top 99.9th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-20 · Improper Input Validation CWE-707 · Improper Neutralization

Exploits & PoC

wubinworks/magento2-template-filter-patch

Magento 2 patch for CVE-2022-24086, CVE-2022-24087. Fix the RCE vulnerability and related bugs by performing deep template variable escaping. If you c

1 repo — triés par ⭐ Rechercher sur GitHub ↗

Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released

TheHackerNews

Emergency Magento update fixes zero-day bug exploited in attacks

BleepingComputer Feb 14, 2022

Signal Intelligence

Confidenceⓘ

88%

EPSS 93.74%

Mentions 2

Last Seen Feb 14, 2022

CNA Information

Analyst Note

CVE-2022-24086 is explicitly named as a zero-day in authoritative sources (TheHackerNews, BleepingComputer) with clear evidence of active exploitation in the wild. Adobe released patches coincidentally, and both sources use 'zero-day' terminology with exploitation timing aligned to patch availability, satisfying zero-day criteria.

Threat Actors 1

Kinsing

apt_group 🇷🇺 RU

Triage Info

Decided atMar 20, 2026