The term «Magento 2 upload hack» typically refers to a critical class of security vulnerabilities where attackers exploit file upload features to gain unauthorized access.
As of April 2026, the most urgent threat is a vulnerability called PolyShell, which allows unauthenticated attackers to upload executable files to almost any Magento or Adobe Commerce store.
Current Major Threat: PolyShell (APSB25-94)
Discovered by Sansec, this vulnerability is currently being exploited in the wild.
How it…
As of April 2026, the most urgent threat is a vulnerability called PolyShell, which allows unauthenticated attackers to upload executable files to almost any Magento or Adobe Commerce store.
Current Major Threat: PolyShell (APSB25-94)
Discovered by Sansec, this vulnerability is currently being exploited in the wild.
How it…