{
  "canonical_id": "magento-open-source--4bd674a1cf",
  "system_id": "magento-open-source",
  "title": "Magento PolyShell: unrestricted file upload in Magento and Adobe Commerce   2026-03-17  A new vulnerability in the Magento and Adobe Commerce REST API allows attackers to upload executable files to any store. Adobe fixed the issue in a pre-release version but has not backported the patch. Many stores run web server configurations that enable either remote code execution (RCE) or acc...   skimming   magento   adobe-commerce   rce   +3",
  "reasons": [
    "missing affected/fixed version details"
  ],
  "candidate_count": 1,
  "references": [
    "https://sansec.io/research/magento-polyshell"
  ]
}