Magento PolyShell – Unauthenticated File Upload to RCE in Magento (APSB25-94) › Searchlight Cyber
slcyber.io
Magento remains one of the most popular e-commerce solutions in use on the internet, estimated to be running on more than 130,000 websites. It is also offered as an enterprise offering by Adobe under the name Adobe Commerce. On March 17th 2026, Sansec released new research dubbed PolyShell (APSB25-94), an unauthenticated unrestricted file upload vulnerability