Critical Magento Vulnerability Actively Exploited Across Thousands of Stores

A critical vulnerability called “PolyShell” is being actively exploited on Magento and Adobe Commerce platforms, putting thousands of online stores at immediate risk.

The Sansec Forensics Team discovered the flaw and published their findings on March 17, 2026. The vulnerability allows unauthenticated attackers to upload executable files through the platform’s REST API without any official patch currently available for production versions, leaving businesses vulnerable to remote code execution (RCE) and complete account takeovers.

How the Vulnerability Works

The flaw exists in Magento’s REST API, specifically within the anonymous guest cart routes. When a cart item includes a custom file option, the API processes an embedded file object containing base64-encoded data, a MIME type, and a filename. The system fails to verify the option ID, doesn’t check if the product actually requires a file upload, and critically lacks file extension restrictions. This allows threat actors to bypass basic image header checks and upload malicious scripts directly to the server’s upload directory.

While guest cart endpoints are vulnerable without credentials, GraphQL mutations use a different code path and remain unaffected.

Affected Versions and Impact Scope

The vulnerability impacts various versions differently:

Unrestricted file uploads affect all Magento Open Source and Adobe Commerce versions up to 2.4.9-alpha2. Stored Cross-Site Scripting (XSS) impacts all versions prior to 2.3.5. Remote Code Execution (RCE) relies on specific web server configurations, such as stock Nginx passing the index.php filename or Apache without specific PHP engine restrictions. The flaw is only officially patched in the 2.4.9-alpha3+ pre-release branch.

Active Exploitation in the Wild

Sansec researchers observed automated mass scanning and active exploitation beginning March 19, 2026. Attackers are utilizing polyglot files to execute their attacks—malicious code cleverly disguised as legitimate images like valid GIFs or PNGs. The most common payloads involve a GIF89a polyglot dropped onto the server as an executable PHP file. These web shells use hardcoded MD5 hashes to verify attacker authentication before executing arbitrary code or allowing further malicious file uploads.

Indicators of Compromise

Security teams should monitor their environments for these PolyShell attack indicators:

Payload filenames often include index.php, json-shell.php, bypass.phtml, c.php, rce.php, and ato_poc.html. Attackers occasionally use Unicode obfuscation to hide filenames, such as encoding bypass.php to evade basic detection. Authentication hashes hardcoded into payloads include a17028468cb2a870d460676d6d6da3ad63706778e3 and 4009d3fa8132195a2dab4dfa3affc8d2. Malicious probing has been tracked to dozens of IPs, including 2.217.245.213, 3.12.250.83, 18.220.50.153, and 198.186.130.10.

Immediate Protective Actions

Until Adobe releases a comprehensive patch for current production environments, administrators must take immediate defensive steps.

The primary recommendation is to deploy a specialized Web Application Firewall (WAF) to block real-time exploitation attempts. Additionally, administrators must tightly restrict access to the pub/media/custom_options/ directory.

For Nginx servers, this involves ensuring strict location block rules with a deny directive, while Apache users must verify their .htaccess access control files are present and effective. Finally, security teams should routinely scan their infrastructure to detect any dormant files, as uploaded malware remains on the disk even if initial execution fails.

Related Articles

Back to top button