> TritonInfoSec News
Home / Mar 21, 2026 / Story
0
#8 The Hacker News general March 20, 2026 at 09:30 UTC

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

By [email protected] (The Hacker News)

AI Summary

Sansec discovered the 'PolyShell' vulnerability in Magento's REST API allowing unauthenticated attackers to upload malicious executables disguised as images. The critical flaw enables remote code execution and account takeover on Magento e-commerce platforms, affecting thousands of online stores.

Read full article → https://thehackernews.com/2026/03/magento-polyshel…

Relevance score: 78.0/100

# More from March 21

  1. 1
    Widely used Trivy scanner compromised in ongoing supply-chain attack Ars Technica Security
  2. 2
    Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw Dark Reading
  3. 3
    Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure The Hacker News
  4. 4
    CISA orders feds to patch max-severity Cisco flaw by Sunday BleepingComputer
  5. 5
    International joint action disrupts world’s largest DDoS botnets BleepingComputer
  6. 6
    FBI links Signal phishing attacks to Russian intelligence services BleepingComputer
  7. 7
    FBI takes down leak sites tied to Iran’s Ministry of Intelligence and Security The Record
  8. 9
    Thousands of Magento Sites Hit in Ongoing Defacement Campaign SecurityWeek
  9. 10
    Max severity Ubiquiti UniFi flaw may allow account takeover BleepingComputer