{"id":2462,"date":"2024-12-31T20:22:21","date_gmt":"2024-12-31T20:22:21","guid":{"rendered":"https:\/\/meetanshi.com\/blog\/install-immediately-magento-2-security-patches-mdva-43395-mdva-43443-to-fix-rce-vulnerability\/"},"modified":"2025-06-11T13:23:46","modified_gmt":"2025-06-11T07:53:46","slug":"install-magento-2-security-patch-mdva-43443","status":"publish","type":"post","link":"https:\/\/meetanshi.com\/blog\/install-magento-2-security-patch-mdva-43443\/","title":{"rendered":"Install Immediately: Magento 2 Security Patches MDVA-43395 & MDVA-43443 to Fix RCE Vulnerability"},"content":{"rendered":"\n

If you are running your store on Adobe Commerce (2.3.3-p1-2.3.7-p2) and Magento Open Source (2.4.0-2.4.3-p1), then your store is at high risk<\/strong>!<\/p>\n\n\n\n

A zero-day bug is being exploited in the above-mentioned versions of Magento in the wild by the attackers, which has forced Adobe to roll out emergency security patches to secure the stores.<\/p>\n\n\n\n

The detected RCE bug can allow the attackers to execute arbitrary codes on the stores and harm them. Here is how you can secure your online Magento store from the Adobe RCE bug.<\/p>\n\n\n\n

Add the latest security patch (APSB26-05)<\/a>, which was released by Adobe on March 10, 2026, to secure your store.<\/p>\n\n\n\n

Critical RME Bug Discovered in Adobe Commerce & Magento Open Source<\/h2>\n\n\n\n

On Sunday, Feb 13, 2022, Adobe released an emergency security patch \u2013 MDVA-43395 for the Magento stores to fix the newly discovered RCE bug in the Adobe Commerce and Magento Open Source. \u201cThese updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution,\u201d mentioned the Adobe security bulletin \u2013 APSB22-12<\/a>.<\/p>\n\n\n\n

Common Vulnerabilities and Exposures (CVE) database that manages the public security flaws, assigned CVE-2022-24086<\/a> as the tracking id to the vulnerability. CVSS declared the vulnerability to be critical and rated it  9.8\/10, which needs to be fixed immediately.<\/p>\n\n\n\n

On Feb 17, 2022, Abobe released another security patch \u2013 MDVA-43443 to fix the security vulnerability in the affected versions and updated the security tracking ID to CVE-2022-24087<\/a>, with updated details and information on the improper input validation vulnerability.  \u201cIn order to stay up to date with the latest protections, customers must apply two patches: MDVA-43395 patch first, and then MDVA-43443 on top of it,\u201d declared Adobe.<\/p>\n\n\n\n

Adobe Released MDVA-43395 & MDVA-43443 Security Patches to Fix the Vulnerability<\/h3>\n\n\n\n
\"Magento<\/figure>\n\n\n\n

Adobe released the following patches for the affected versions of Adobe commerce & Magento open source:<\/p>\n\n\n\n

Product<\/strong><\/td>Updated Version<\/strong><\/td><\/tr>
Adobe Commerce 2.4.3 \u2013 2.4.3-p1<\/td>MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip<\/a> and MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch.zip<\/a><\/td><\/tr>
Magento Open Source 2.4.3 \u2013 2.4.3-p1<\/td>MDVA-43395_EE_2.4.3-p1_v1.patch.zip<\/a> and MDVA-43443_EE_2.4.3-p1_v1.patch.zip<\/a><\/td><\/tr>
Adobe Commerce 2.3.4-p2 \u2013 2.4.2-p2<\/td>MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip<\/a> and MDVA-43443_EE_2.4.2-p2_COMPOSER_v1.patch.zip<\/a><\/td><\/tr>
Adobe Commerce 2.3.3-p1 \u2013 2.3.4<\/td>MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip<\/a> and MDVA-43443_EE_2.3.4_COMPOSER_v1.patch.zip<\/a><\/td><\/tr>
Magento Open Source 2.3.3-p1 \u2013 2.3.4<\/td>MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip<\/a> and MDVA-43443_EE_2.3.4_COMPOSER_v1.patch.zip<\/a>
MDVA-43395_EE_2.4.3-p1_v1.patch.zip<\/a> and MDVA-43443_EE_2.3.4_v1.patch.zip<\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

The RCE vulnerability is highly critical and serious enough to force Adobe to warrant an immediate security patch. Thus, Meetanshi recommends patching the Magento stores with the latest Adobe security patch to build a solid security shield against the known security loophole.<\/p>\n\n\n\n

You can use learn to install Magento 2 security patches<\/a> to learn installing security patches on your Magento platform and safeguard your store against any such security vulnerabilities.<\/p>\n","protected":false},"excerpt":{"rendered":"

If you are running your store on Adobe Commerce (2.3.3-p1-2.3.7-p2) and Magento Open Source (2.4.0-2.4.3-p1), then your store is at high risk! A zero-day bug is…<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[34],"tags":[],"class_list":["post-2462","post","type-post","status-publish","format-standard","hentry","category-magento"],"acf":[],"_links":{"self":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts\/2462","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/comments?post=2462"}],"version-history":[{"count":3,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts\/2462\/revisions"}],"predecessor-version":[{"id":16590,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts\/2462\/revisions\/16590"}],"wp:attachment":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/media?parent=2462"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/categories?post=2462"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/tags?post=2462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}