Nexcess incident

Magento “PolyShell” File Upload Vulnerability

Minor Resolved View vendor source →
Started
Mar 18, 2026, 04:17 PM UTC
Resolved
Mar 18, 2026, 10:23 PM UTC
Duration
6h 5m
Detected by Pingoru
Mar 18, 2026, 04:17 PM UTC

Affected components

Platform Updates / Other

Update timeline

  1. investigating Mar 18, 2026, 04:17 PM UTC

    We are aware of recent reports regarding a potential unrestricted file upload vulnerability, commonly referred to as “PolyShell”, affecting Magento and Adobe Commerce. At this time, our teams are actively reviewing our environment to assess any potential impact and determine whether any systems/customer sites may be affected. We will provide further updates as more information becomes available. If you have any questions or concerns. You can reach us through the following channels: Live Chat: https://my.nexcess.net/ Email: Nexcess Support

  2. resolved Mar 18, 2026, 10:23 PM UTC

    We have taken steps to prohibit execution of files exploiting the "PolyShell" unrestricted file upload vulnerability across our managed fleet. If you have any questions or concerns. You can reach us through the following channels: Live Chat: https://my.nexcess.net/ Email: [email protected]

Looking to track Nexcess downtime and outages?

Pingoru polls Nexcess's status page every 5 minutes and alerts you the moment it reports an issue — before your customers do.

  • Real-time alerts when Nexcess reports an incident
  • Email, Slack, Discord, Microsoft Teams, and webhook notifications
  • Track Nexcess alongside 5,000+ providers in one dashboard
  • Component-level filtering
  • Notification groups + maintenance calendar
Start monitoring Nexcess for free

5 free monitors · No credit card required