Use Cases
Software Products MSPs Schools Development & Marketing DevOps Agencies Help Desk
 
Internet Status Blog Pricing Log In Try IsDown for free now

Outage in Liquid Web

Magento “PolyShell” File Upload Vulnerability

Resolved Minor
March 18, 2026 - Started 2 days ago - Lasted 1 day
Official incident page

Incident Report

Summary AI Generated

Liquid Web responded to reports of a "PolyShell" file upload vulnerability affecting Magento and Adobe Commerce installations on their platform. The security issue potentially allowed unrestricted file uploads that could be exploited on customer websites running these e-commerce platforms. Liquid Web resolved the incident by implementing .htaccess file protections to block direct web access to upload directories on affected Magento 2 installations and took additional steps to prevent exploitation of the vulnerability across their server environment.

We are aware of recent reports regarding a potential unrestricted file upload vulnerability, commonly referred to as “PolyShell”, affecting Magento and Adobe Commerce. At this time, our teams are actively reviewing server environments to assess any potential impact and determine whether any systems/customer sites may be affected. We will provide further updates as more information becomes available. If you have any questions or concerns. You can reach us through the following channels: Live Chat: https://my.liquidweb.com/ Email: support@liquidweb.com
Components affected
Liquid Web CPanel Liquid Web Plesk

Need to monitor Liquid Web outages?

  • Monitor all your external dependencies in one place
  • Get instant alerts when outages are detected
  • Be the first to know if service is down
  • Show real-time status on private or public status page
  • Keep your team informed
Start monitoring for free
Latest Updates ( sorted recent to last )
RESOLVED about 23 hours ago - at 03/20/2026 12:29AM

We have taken steps to prohibit execution of files exploiting the "PolyShell" unrestricted file upload vulnerability on a subset of servers in our environment. We have sent a ticket to all customers we've protected identifying the servers and paths involved.

If you have any questions or concerns. You can reach us through the following channels:

Live Chat: https://my.liquidweb.com/
Email: support@liquidweb.com

MONITORING 2 days ago - at 03/19/2026 12:15AM

Following our investigation, we are implementing a mitigation measure for Magento 2 installations on our Managed hosting platform for which we have access between 21:00 EDT and 23:00 EDT tonight.

We have sent a ticket to all customers with servers where mitigations will be applied.  For these customers, we will be deploying an .htaccess file to block direct web-request access to the uploads directory. This change is expected to have minimal impact. If your site has been customised to serve or process requests through the upload directory, this functionality will be affected.  Please contact us with any questions.

Customers with Magento2 websites who did not receive a ticket should review the Sansec article below announcing this vulnerability and apply the recommended changes:

https://sansec.io/research/magento-polyshell

If you have any questions or concerns. You can reach us through the following channels:

Live Chat: https://my.liquidweb.com/
Email: support@liquidweb.com

We appreciate your patience and understanding.

INVESTIGATING 2 days ago - at 03/18/2026 06:32PM

We are aware of recent reports regarding a potential unrestricted file upload vulnerability, commonly referred to as “PolyShell”, affecting Magento and Adobe Commerce.

At this time, our teams are actively reviewing server environments to assess any potential impact and determine whether any systems/customer sites may be affected.

We will provide further updates as more information becomes available.
If you have any questions or concerns. You can reach us through the following channels:

Live Chat: https://my.liquidweb.com/
Email: support@liquidweb.com

Latest Liquid Web outages

An issue reported with provisioning operations. - 3 days ago
ClamAV Service Disruption - 4 days ago
WordPress: W3 Total Cache Vulnerability CVE-2026-27384 - 14 days ago
Networking Instability - 22 days ago
Storm Switch Down Lansing (DC3) - 25 days ago

The Status Page Aggregator with Early Outage Detection

With IsDown, you can monitor all your critical services' official status pages from one centralized dashboard and receive instant alerts the moment an outage is detected. Say goodbye to constantly checking multiple sites for updates and stay ahead of outages with IsDown.

Start free trial

No credit card required · Cancel anytime · 6020 services available

Integrations with Slack Microsoft Teams Google Chat Datadog PagerDuty Zapier Discord Webhook