CRITICAL
Amasty
CVE published 2026-06-12
CVE-2026-53787
CVE-2026-53787 is a critical unauthenticated arbitrary file upload vulnerability in Amasty Order Attributes for Magento 2 before version 4.0.0. The vulnerability allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without authentication, session validation, or cart context. This can lead to remote code exec [truncated]