Hackers are actively exploiting a critical vulnerability in the Magento and Adobe Commerce platforms, allowing attackers to gain remote control of websites and compromise user accounts.

According to recent findings, the flaw—dubbed “PolyShell”—enables attackers to execute malicious code on vulnerable servers without authentication. By abusing weaknesses in the platform’s REST API and file upload functionality, threat actors can upload specially crafted files that act as both legitimate content and malicious scripts. (SC Media)

Once exploited, the vulnerability can lead to remote code execution (RCE) and full account takeover, posing a serious threat to online stores and customer data. Attackers can deploy backdoors, steal sensitive information, or manipulate website functionality. (Cyber Security News)

Security researchers warn that the flaw affects multiple versions of Magento Open Source and Adobe Commerce, with many production systems still unpatched. In some cases, exploitation techniques are already circulating, increasing the likelihood of automated large-scale attacks in the near future. (SC Media)

The issue stems from how Magento handles file uploads for custom product options. Attackers can inject a “polyglot” file—capable of behaving like both an image and an executable script—into publicly accessible directories, which can then be triggered to execute malicious code. (SC Media)

Cybersecurity experts are urging website administrators to take immediate action by restricting access to vulnerable directories, scanning for malware, and applying security updates as soon as patches become available. Failure to do so could expose e-commerce platforms to data breaches, financial fraud, and persistent system compromise.
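As an added illustration of the scanning step (not code from Adobe, the researchers or the cited reports), the following Python script walks an upload directory and flags files that carry an image header yet contain a PHP open tag, the polyglot pattern described above. The directory to scan is supplied by the administrator, and the magic-byte list, extension lists and function names are assumptions chosen for this example.

```python
import os
import sys

# Assumed lists for this example; extend them to match the store's allowed uploads.
IMAGE_MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif"}
EXEC_EXTS = {".php", ".phtml", ".phar"}
# PHP open tags. "<?=" can occur by chance in compressed image data,
# so treat every hit as a lead for manual review, not as proof.
SCRIPT_MARKERS = (b"<?php", b"<?=")


def classify(path):
    """Return the reasons a file looks suspicious (empty list means no finding)."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()  # whole file: a payload may sit after the image data
    except OSError:
        return []
    ext = os.path.splitext(path)[1].lower()
    is_image = data.startswith(IMAGE_MAGIC)
    lowered = data.lower()  # PHP open tags are case-insensitive
    has_script = any(marker in lowered for marker in SCRIPT_MARKERS)
    reasons = []
    if ext in EXEC_EXTS:
        reasons.append("executable extension in upload directory")
    if is_image and has_script:
        reasons.append("image header with embedded PHP tag (polyglot)")
    elif has_script and ext in IMAGE_EXTS:
        reasons.append("image extension but PHP content")
    return reasons


def scan(root):
    """Walk root and map each suspicious file's relative path to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = classify(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


if __name__ == "__main__":
    # Usage: python scan_uploads.py <upload-directory>
    for rel, reasons in sorted(scan(sys.argv[1]).items()):
        print(f"{rel}: {'; '.join(reasons)}")
```

A clean result does not rule out compromise; it only means none of these specific markers were found in the scanned directory.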

This ongoing campaign highlights the growing risks facing e-commerce platforms, where even a single unpatched vulnerability can be weaponized to launch widespread and highly damaging cyberattacks.