Tech Mar 21, 2026 3 min PolyShell flaw in Magento's REST API enables unauthenticated RCE A Magento product-option API bug allows unauthenticated uploads of polyglot files that execute PHP code. In nginx 2.0.0-2.2.x environments it becomes full RCE; in other setups it can lead to XSS and account takeover. Magento Security RCE Vulnerability Adobe Commerce
