Magento
Adobe · CMS
100/100 Healthy
Summary
Plain-English security verdict for Magento, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Magento currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 2.4.9. It's on the latest patch with no significant known issues — keep it current.
Disclosure trend
New CVEs published for Magento each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
[Chart: new Magento CVEs published per year (NVD), '19 to '26]
Patch priority — what to act on
The issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2016-4010 CRITICAL Injection EPSS 87% → see advisory
CVE-2015-1397 MEDIUM SQL injection EPSS 72% → see advisory
CVE-2019-7139 CRITICAL SQL injection EPSS 60% → fixed in 2.3.1
CVE-2021-21029 MEDIUM Cross-site scripting (XSS) EPSS 44% → fixed in 2.3.6
CVE-2022-34253 HIGH CWE-91 EPSS 37% → fixed in 2.4.3
CVE-2020-3716 CRITICAL Insecure deserialization EPSS 17% → see advisory
CVE-2021-36023 CRITICAL OS command injection EPSS 16% → fixed in 2.4.2
CVE-2020-9664 CRITICAL Insecure deserialization EPSS 16% → see advisory
CVE-2020-3718 CRITICAL EPSS 9% → see advisory
CVE-2020-9632 CRITICAL EPSS 8% → see advisory
CVE-2020-9631 CRITICAL EPSS 8% → see advisory
CVE-2021-21018 CRITICAL OS command injection EPSS 7% → fixed in 2.3.6

Versions & lifecycle
When each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each Magento release line is supported — and when it sunsets.
2.4.9 latest 2.4.9 Supported
2.4.8 latest 2.4.8 Supported
2.4.7 latest 2.4.7 Supported
2.4.6 latest 2.4.6 Supported
2.4.5 latest 2.4.5 End of life ended 2024-11-25
2.4.4 latest 2.4.4 End of life ended 2024-11-25
2.4.3 latest 2.4.3 End of life ended 2022-11-28
2.4.2 latest 2.4.2 End of life ended 2022-11-28
2.4.1 latest 2.4.1 End of life ended 2022-11-28
2.4.0 latest 2.4.0 End of life ended 2022-11-28