Magento Open Source and Adobe Commerce PolyShell unauthenticated RCE flaw
Vulnerability
Summary
PolyShell is a Magento Open Source and Adobe Commerce vulnerability that can enable unauthenticated code execution and account takeover across stable version 2 installations. In the latest campaign, Sansec says attackers are leveraging the flaw to compromise nearly 100 online stores and hide a credit card stealer inside a 1x1-pixel SVG `onload` handler. The malware presents a fake Secure Checkout overlay during checkout, validates card data with Luhn, and exfiltrates payment details to attacker-controlled infrastructure. Adobe still has no production security update for the flaw, with a fix available only in 2.4.9-alpha3+.
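A defender-side check for the hiding place described above, as an added example that is not code from Sansec, Adobe or the original reporting: it scans stored HTML (a CMS block, template or rendered checkout page) for inline `<svg>` elements that carry an `onload` handler and marks the pixel-sized ones. The sample markup, function names and the 1-pixel threshold are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample markup (not taken from any real store or from the campaign).
SAMPLE = """<div class="checkout">
<svg width="1" height="1" onload="/* constructed placeholder handler */"></svg>
<svg width="24" height="24" viewBox="0 0 24 24"><path d="M0 0h24v24H0z"/></svg>
<svg width="120px" height="40px" onload="initLogo()"></svg>
</div>"""


def _px(value):
    """Parse '1', '1px' or '1.0' into a float; None if absent or not a plain pixel size."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*(?:px)?\s*", value or "")
    return float(m.group(1)) if m else None


class SvgOnloadFinder(HTMLParser):
    """Collect every <svg> start tag that carries an inline onload handler."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; self-closing tags also land here.
        if tag != "svg":
            return
        a = {name: (val or "") for name, val in attrs}
        if "onload" not in a:
            return
        w, h = _px(a.get("width")), _px(a.get("height"))
        self.findings.append({
            "line": self.getpos()[0],
            # Pixel-sized and scripted: the combination described in the summary.
            "tiny": w is not None and h is not None and w <= 1 and h <= 1,
            "handler_len": len(a["onload"]),
        })


def scan(html):
    finder = SvgOnloadFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f)
```

Every finding is worth a look, since legitimate icons rarely need `onload`; entries with `tiny` set are the ones to review first.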
Related Happenings
Funnel Builder plugin WordPress arbitrary JavaScript injection actively exploited security flaw
Vulnerability
First: 16.05.2026 18:20
Last: 16.05.2026 18:20
Sources 1
About this happening:
**Funnel Builder** for **WordPress** is under **active exploitation** for arbitrary JavaScript injection into **WooCommerce checkout pages**, creating payment-skimming risk across...
Funnel Builder WordPress plugin unauthenticated checkout script injection actively exploited security flaw
Vulnerability
First: 15.05.2026 22:30
Last: 15.05.2026 22:30
Sources 1
About this happening:
**Funnel Builder** for WordPress has an **actively exploited** unauthenticated script-injection flaw that can compromise **WooCommerce checkout pages** and steal payment data. The...
Adobe Reader zero-day exploited via malicious PDFs security flaw
Vulnerability
First: 09.04.2026 12:22
Last: 09.04.2026 12:22
Sources 1
About this happening:
**Adobe Reader** is facing an **actively exploited zero-day** delivered through **malicious PDF documents** and observed since at least **December**. The flaw works on the **lates...
Latest development: 13.04.2026 18:37
Adobe released an emergency security update for Acrobat Reader to fix CVE-2026-34621 after zero-day exploitation in malicious PDF files. The bulletin says Acrobat DC versions 26.001.21367 and earlier, Acrobat Reader DC versions 26.001.21367 and earlier, and Acrobat 2024 versions 24.001.30356 and earlier are affected, and Adobe recommends updating through Help > Check for Updates or the official installer.
Magento checkout skimmer campaign targeting nearly 100 stores
Campaign
First: 09.04.2026 01:34
Last: 09.04.2026 01:34
Sources 1
How related:
A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image.
About this happening:
A **Magento** checkout skimmer campaign is compromising **nearly 100 online stores** and stealing payment data at the point of sale, putting shoppers’ card details at immediate ri...
WebRTC payment skimmer
Malware Activity
First: 26.03.2026 08:53
Last: 26.03.2026 08:53
Sources 1
How related:
"Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels to load its payload and exfiltrate stolen payment data,"
About this happening:
A **new payment skimmer** has been identified using **WebRTC data channels** to load payloads and steal payment data from **e-commerce sites**, bypassing common security controls....
Timeline
19.03.2026 22:01 3 articles · 2mo ago
PolyShell affects Magento Open Source and Adobe Commerce
Initial Disclosure
PolyShell affects all Magento Open Source and Adobe Commerce stable version 2 installations, where Magento's REST API file-upload handling for cart-item custom options can permit unauthenticated code execution, account takeover, or stored XSS depending on web-server configuration; no active exploitation has been observed, but the exploit method is already circulating, Adobe's available fix is limited to the second alpha release for version 2.4.9, and store administrators are advised to restrict access to pub/media/custom_options/ and verify server rules.
Sources:
- New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores — www.bleepingcomputer.com — 19.03.2026 22:01
- Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover — thehackernews.com — 20.03.2026 11:30
- Hackers use pixel-large SVG trick to hide credit card stealer — www.bleepingcomputer.com — 09.04.2026 01:34