Vulnerabilities · HIGH

PolyShell Vulnerability - Attacks Target Magento Stores

BleepingComputer
Adobe, Magento, PolyShell, RCE, WebRTC

Basically, hackers are using a flaw in Magento to take control of online stores.

Quick Summary

A critical vulnerability in Magento is being exploited, affecting over half of vulnerable stores. This flaw allows hackers to execute remote code, risking sensitive data. Store owners must act quickly to secure their platforms.

The Flaw

The PolyShell vulnerability is a serious issue affecting Magento version 2 and Adobe Commerce installations. Discovered recently, this flaw allows attackers to exploit Magento’s REST API, which handles file uploads for cart items. By manipulating this feature, hackers can execute remote code or take over accounts through stored cross-site scripting (XSS). This vulnerability was publicly disclosed just days before mass exploitation began, highlighting the urgency for affected stores to take action.

According to eCommerce security firm Sansec, attacks leveraging PolyShell started on March 19, 2026, just two days after the vulnerability was made public. As of now, over 56% of vulnerable Magento stores are being targeted. This alarming statistic underscores the critical nature of the vulnerability and the need for immediate attention from store owners.

What's at Risk

The risk associated with the PolyShell vulnerability is significant. If exploited, it can lead to remote code execution (RCE), allowing attackers to gain unauthorized access to sensitive data and systems. This could result in the theft of customer information, financial data, and potentially the complete compromise of the affected online store.

Moreover, exploitation is not limited to data theft. Attackers can also deploy malicious scripts, such as payment card skimmers, which capture sensitive payment information from unsuspecting customers. This is particularly concerning for eCommerce platforms, where trust and security are paramount.

Patch Status

Adobe has acknowledged the PolyShell vulnerability and released a fix in version 2.4.9-beta1 on March 10, 2026. However, this patch has not yet reached the stable branch, leaving many stores vulnerable. The delay in providing a stable update raises concerns about the security of Magento users who rely on timely patches to protect their systems.

Despite attempts to contact Adobe for clarification on the rollout of a stable security update, no response has been received. Store owners are left in a precarious situation, needing to balance immediate protective measures with the hope of a forthcoming patch.

Immediate Actions

For Magento store owners, immediate action is crucial to mitigate the risks posed by the PolyShell vulnerability. Here are some recommended steps:

  • Update to the latest version of Magento as soon as the stable patch is available.
  • Monitor your systems for any signs of compromise or unusual activity, especially around payment processing.
  • Implement security measures such as web application firewalls (WAF) to help filter out malicious traffic.
  • Educate your team about the importance of security best practices, including regular updates and vigilance against suspicious activity.

By taking these proactive steps, store owners can better protect their businesses and customers from the potential fallout of the PolyShell vulnerability.

🔒 Pro insight: The rapid exploitation of PolyShell mirrors previous vulnerabilities; expect widespread attacks until patches are fully deployed.

Original article from BleepingComputer · Bill Toulas
