Sansec is warning of a critical security flaw in Magento's
REST API that could allow unauthenticated attackers to upload
arbitrary executables and achieve code execution and account
takeover. The vulnerability has been codenamed PolyShell by Sansec
owing to the fact that the attack hinges on disguising malicious
code as an image. There is no evidence that the shortcoming has
been exploited in
Read more https://thehackernews.com/2026/03/magento-polyshell-flaw-enables.html
