Nexcess implemented additional security enhancements across their managed Magento hosting environment to address the "PolyShell" unrestricted file upload vulnerability. The security hardening included strengthened file upload validation, enhanced monitoring and detection mechanisms, stricter execution controls, and broader platform protections. After nearly 14 days of implementation work, all planned security measures were completed and the incident was resolved.
Our engineering teams have completed the planned security enhancements and hardening efforts related to the Magento "PolyShell" unrestricted file upload vulnerability across our managed environment.
With these measures now fully implemented, we consider this incident resolved.
As security is a shared responsibility, we recommend that customers review their Magento installations, ensure all updates and patches are applied, and take additional steps to further secure their applications.
If you have any questions or require assistance, please reach out via chat or support case.
Our engineering teams have made significant progress in implementing additional security enhancements related to the Magento "PolyShell" unrestricted file upload vulnerability. At this stage, we are nearing completion of all planned mitigation efforts across our managed environment.
The measures deployed, including strengthened file upload validation, enhanced malware scanning to detect files, stricter execution controls, and broader platform hardening, have significantly reduced the risk of exploitation.
While these mitigations provide strong protection, security is a shared responsibility. We strongly encourage customers to review their Magento installations, ensure all updates and patches are applied, and follow general security best practices to help keep their sites secure.
If you have any questions or need assistance, please reach out to us through chat or via case.
We will provide further updates if any additional actions are required.
Following the actions taken to prohibit execution of files exploiting the Magento “PolyShell” unrestricted file upload vulnerability, our engineering teams are continuing to implement additional security enhancements across our managed environment.
These efforts include strengthening file upload validation and execution restrictions, enhancing monitoring and detection mechanisms, and implementing additional hardening measures across Magento platforms. We are also conducting internal reviews to reduce potential attack surfaces and reinforce overall platform security.
These proactive improvements reflect our ongoing commitment to maintaining a secure and resilient hosting environment. While the initial issue has been addressed, we are taking additional steps to further strengthen our systems and help prevent future risks.
While the additional measures that we have deployed should reduce the risk of potential compromise, we strongly urge that our customers take proactive measures to review and secure their sites.
If you have any questions or concerns, please reach out to us through the following channels:
Live Chat: https://my.nexcess.net/
Email: support@nexcess.net
We will continue to share updates as these enhancements are completed.