The Magento e-commerce platform has been hit by a critical vulnerability dubbed 'PolyShell', which allows unauthenticated remote code execution (RCE) and account takeover. This flaw is particularly concerning as it affects all Magento Open Source and Adobe Commerce stable version 2 installations. While there's no evidence of active exploitation yet, security firm Sansec warns that the exploit method is already circulating, and automated attacks are expected to follow.

The issue stems from Magento's REST API accepting file uploads as part of custom options for cart items, which can be manipulated to execute arbitrary code or take over accounts. The vulnerability is named 'PolyShell' due to its use of a polyglot file that can function as both an image and a script. The severity of this flaw is heightened by the fact that many Magento stores expose files in the upload directory, making it easier for attackers to exploit the vulnerability.

Adobe has released a fix, but it's only available in the second alpha release for version 2.4.9, leaving production versions vulnerable. Sansec suggests that while Adobe offers a sample web server configuration to limit the impact, most stores rely on their hosting provider's setup, which may not be as secure. To mitigate the risk, store administrators should restrict access to the 'pub/media/custom_options/' directory, verify Nginx or Apache rules to ensure they prevent access, and scan their stores for uploaded shells, backdoors, or other malware.

This incident highlights the ongoing challenge of securing e-commerce platforms against sophisticated threats. As malware becomes more advanced, using techniques like math to detect sandboxes and hide in plain sight, the need for robust security measures becomes even more critical. The Red Report 2026 further underscores this point, revealing how ransomware encryption has dropped by 38%, indicating that attackers are shifting their focus to more subtle and harder-to-detect methods. As such, organizations must remain vigilant and adapt their security strategies to counter these evolving threats.
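One way to carry out the scanning step from the mitigation advice above, as an added example that is not code from Sansec, Adobe or Magento: a Python triage script that walks an upload directory such as 'pub/media/custom_options/' and flags files that begin with image magic bytes yet contain a PHP open tag, or that carry a script extension anywhere in their name. The marker and extension lists, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Magic bytes that let a file pass as an image.
IMAGE_MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg",
               b"GIF87a": "gif", b"GIF89a": "gif"}
SCRIPT_MARKERS = (b"<?php", b"<?=")      # PHP open tags
SCRIPT_EXTS = {"php", "phtml", "phar"}   # assumed list; extend per host

def classify(path):
    """Return the reasons a file looks like an uploaded shell (empty = clean)."""
    with open(path, "rb") as fh:
        data = fh.read()
    reasons = []
    image = next((t for m, t in IMAGE_MAGIC.items() if data.startswith(m)), None)
    # Short markers can occur by chance in binary data: hits are triage leads.
    script = any(m in data.lower() for m in SCRIPT_MARKERS)
    if image and script:
        reasons.append(f"polyglot: {image} header with embedded PHP tag")
    elif script:
        reasons.append("PHP tag in upload")
    # Any script extension in the name counts, so notes.php.txt is caught too.
    if SCRIPT_EXTS & set(os.path.basename(path).lower().split(".")[1:]):
        reasons.append("script extension in file name")
    return reasons

def scan(root):
    """Walk root and map relative path -> reasons for every flagged file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = classify(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def build_sample_tree(root):
    """Constructed samples: a plain image, an inert polyglot, a renamed script."""
    samples = {
        ("a", "clean.png"): b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        ("b", "photo.gif"): b"GIF89a" + b"\x00" * 8 + b"<?php /* constructed */ ?>",
        ("c", "notes.php.txt"): b"plain text",
    }
    for (sub, name), body in samples.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        with open(os.path.join(root, sub, name), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # stand-in for the upload directory
        build_sample_tree(tmp)
        for rel, why in sorted(scan(tmp).items()):
            print(rel, "->", "; ".join(why))
```

A clean result from this script does not show that the web server blocks access to the directory; the Nginx or Apache rules still need to be verified separately.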