Critical PolyShell Vulnerability Discovered in Magento and Adobe Commerce Platforms

Security firm Sansec identified a critical REST API vulnerability, dubbed PolyShell, in Magento and Adobe Commerce that permits unauthenticated attackers to upload executable files. The flaw affects versions up to 2.4.9-alpha2 and may also enable cross-site scripting (XSS) in older releases. No specific CVE ID was mentioned in the disclosure. The vulnerability exposes e-commerce platforms to potential remote code execution and unauthorized file manipulation. The discovery was attributed to Sansec's research, with no exact disclosure date provided.