What's Happening?
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory for federal agencies to patch a critical vulnerability in the Mirasvit Full Page Cache Warmer for Magento 2 extension. This vulnerability, identified as CVE-2026-45247,
has been actively exploited in the wild, allowing attackers to execute remote code on Magento and Adobe Commerce servers. The flaw is a PHP object injection vulnerability that can be exploited without authentication, posing a significant risk to thousands of online stores using the affected extension. The vulnerability was publicly disclosed on May 26, and threat actors have been exploiting it for remote code execution shortly thereafter. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, urging immediate action to mitigate potential security breaches.
Why It's Important?
The exploitation of this vulnerability highlights the ongoing risks associated with third-party software components in e-commerce platforms. Magento, a widely used e-commerce platform, powers numerous online stores, making this vulnerability particularly concerning for businesses relying on it for their operations. The ability to execute remote code without authentication poses a severe threat, potentially allowing attackers to compromise sensitive customer data, disrupt business operations, and damage brand reputation. The advisory from CISA underscores the importance of timely patching and vulnerability management in maintaining cybersecurity resilience. Organizations that fail to address this vulnerability risk significant financial and reputational damage, as well as potential regulatory penalties for data breaches.
What's Next?
Organizations using the Mirasvit Cache Warmer extension are advised to update to version 1.11.12 or newer, which contains patches for the exploited flaw. CISA's directive for federal agencies to patch within three days reflects the urgency of the situation. Businesses outside the federal sector are also encouraged to prioritize this update to protect their systems. Security teams should monitor for signs of exploitation, such as unusual requests with CacheWarmer cookies, and implement additional security measures to detect and prevent unauthorized access. The broader cybersecurity community will likely continue to monitor the situation for further developments and potential new exploits targeting similar vulnerabilities.
