TechMar 21, 20263 minPolyShell flaw in Magento's REST API enables unauthenticated RCEA Magento product-option API bug allows unauthenticated uploads of polyglot files that execute PHP code. In nginx 2.0.0-2.2.x environments it becomes full RCE; in other setups it can lead to XSS and account takeover.MagentoSecurityRCEVulnerabilityAdobe Commerce