Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Ravie Lakshmanan, The Hacker News, March 20, 2026 (Web Security / Vulnerability)

Sansec is warning of a critical security flaw in Magento’s REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover.

The vulnerability has been codenamed PolyShell by Sansec because the attack hinges on disguising malicious code as an image. There is no evidence that the shortcoming has been exploited in the wild. The unrestricted file upload flaw affects all Magento Open Source and Adobe Commerce versions up to 2.4.9-alpha2.

The Dutch security firm said the problem stems from the fact that Magento’s REST API accepts file uploads as part of a cart item’s custom options.

“When a product option has type ‘file,’ Magento processes an embedded file_info object containing base64-encoded file data, a MIME type, and a filename,” it said. “The file is written to pub/media/custom_options/quote/ on the server.”

Depending on the web server configuration, the flaw can enable remote code execution via PHP upload or account takeover via stored XSS.

Sansec also noted that Adobe fixed the issue in the 2.4.9 pre-release branch as part of APSB25-94, but this leaves current production versions without a standalone patch.

“While Adobe provides a sample web server configuration that would largely limit the fallout, the majority of stores use a custom configuration from their hosting provider,” it added.

To mitigate any potential risk, e-commerce storefronts are advised to perform the following steps:

  • Restrict access to the upload directory (“pub/media/custom_options/”).
  • Verify that nginx or Apache rules prevent access to the directory.
  • Scan the stores for web shells, backdoors, and other malware.
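
The three steps above, as a small POSIX shell checklist. This is an added example, not code from Sansec, Adobe or The Hacker News: it verifies that an nginx configuration denies web access to the upload directory (step 2; Apache deployments would instead look for `Require all denied` in the matching `<Directory>` block or `.htaccess`) and lists files under that directory that carry a PHP open tag regardless of extension (a cheap first pass for step 3, not a substitute for a malware scanner). The config and directory paths are assumptions to be replaced with your own, and the fixture files in the demo are constructed.

```shell
#!/bin/sh
# Added example, not Magento's or Sansec's code. Paths are assumptions.
# Usage: sh polyshell_check.sh /etc/nginx/conf.d/magento.conf /var/www/magento/pub/media/custom_options

# Step 2: return 0 if the nginx config contains a "deny all" inside a
# location block whose pattern mentions custom_options, 1 otherwise.
# The awk program tracks whether we are inside such a block until its
# closing brace is seen (one-line blocks are handled too).
check_nginx_denies_custom_options() {
    conf="$1"
    awk '
        /location[^{]*custom_options/ { inblock = 1 }
        inblock && /deny[[:space:]]+all/ { found = 1 }
        inblock && /}/ { inblock = 0 }
        END { exit(found ? 0 : 1) }
    ' "$conf"
}

# Step 3: print every regular file under the upload directory whose bytes
# contain "<?php" or "<?=", whatever the extension or declared MIME type.
# A polyglot "image" that carries PHP still contains that literal sequence.
# -a forces text matching on binary data; LC_ALL=C avoids encoding errors.
find_php_in_uploads() {
    dir="$1"
    find "$dir" -type f -print 2>/dev/null | while read -r f; do
        if LC_ALL=C grep -q -a -E '<\?(php|=)' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Run both checks against real paths and report in plain language.
main() {
    conf="$1"
    uploads="$2"
    if check_nginx_denies_custom_options "$conf"; then
        echo "OK: $conf denies access to a custom_options location"
    else
        echo "WARN: no 'deny all' for custom_options found in $conf"
    fi
    hits=$(find_php_in_uploads "$uploads")
    if [ -n "$hits" ]; then
        echo "WARN: PHP open tags found in uploaded files:"
        printf '%s\n' "$hits"
    else
        echo "OK: no PHP open tags under $uploads"
    fi
}

# Only run when called with both paths; otherwise just print usage so the
# functions above can be sourced from other scripts.
case $# in
    2) main "$1" "$2" ;;
    *) echo "usage: $0 NGINX_CONF UPLOAD_DIR" >&2 ;;
esac
```

The config check is deliberately narrow: it only proves a deny rule exists for a matching location in that one file, not that nginx actually loads it or that no earlier block shadows it, so confirm the rule with a request for a known harmless file in the directory and expect a 403. As Sansec notes, neither check prevents uploads; they only reduce what a successful upload can reach.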

“Blocking access does not block uploads, so people will still be able to upload malicious code if you aren’t using a specialized WAF [Web Application Firewall],” Sansec said.

The development comes as Netcraft flagged an ongoing campaign involving the compromise and defacement of thousands of Magento e-commerce sites across multiple sectors and geographies. The activity, which commenced on February 27, 2026, involves the threat actor uploading plaintext files to publicly accessible web directories.

“Attackers have deployed defacement txt files across approximately 15,000 hostnames spanning 7,500 domains, including infrastructure associated with prominent global brands, e-commerce platforms, and government services,” security researcher Gina Chow said.

It’s currently not clear whether the attacks are exploiting a specific Magento vulnerability or misconfiguration, or whether they are the work of a single threat actor. The campaign has impacted infrastructure belonging to several globally recognized brands, including Asus, FedEx, Fiat, Lindt, Toyota, and Yamaha, among others.

The Hacker News has also reached out to Netcraft to understand if this activity has a connection to PolyShell, and we will update the story if we hear back.
