What's Happening?
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for federal agencies to patch a critical vulnerability in the Mirasvit Full Page Cache Warmer for Magento 2 extension. This vulnerability, identified as CVE-2026-45247, has been actively exploited for remote code execution (RCE) on Magento and Adobe Commerce servers. The flaw is a PHP object injection vulnerability that allows attackers to execute arbitrary code remotely without authentication. The vulnerability is exploited through crafted serialized PHP objects injected into the CacheWarmer cookie, which are deserialized without class restrictions. Thousands of Magento and Adobe Commerce stores using versions of the extension prior to 1.11.12 are at risk. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, urging federal agencies to patch within three days as per Binding Operational Directive 22-01.
Why It's Important?
The exploitation of this vulnerability poses significant risks to the security of e-commerce platforms using Magento and Adobe Commerce. Remote code execution vulnerabilities can lead to unauthorized access, data breaches, and potential financial losses for businesses. The directive from CISA highlights the urgency of addressing this flaw to prevent further exploitation. Organizations using the affected extension are advised to update to the latest version to mitigate risks. The widespread use of Magento in e-commerce amplifies the potential impact, as compromised systems can affect customer trust and business operations. The vulnerability underscores the importance of timely patching and cybersecurity vigilance in protecting digital assets.
What's Next?
Federal agencies are required to patch the vulnerability within three days, but all organizations using the Mirasvit Cache Warmer extension are strongly advised to update to version 1.11.12 or newer. Administrators should monitor for signs of exploitation, such as storefront requests with specific CacheWarmer cookie values. The cybersecurity community may continue to monitor and report on exploitation attempts, while affected businesses may need to reassess their security protocols to prevent future vulnerabilities. The incident may prompt further scrutiny of third-party extensions and their security implications in e-commerce platforms.
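As an added illustration of the monitoring advice above (example code written for this article, not from Mirasvit or Magento), the following script scans access-log lines for a CacheWarmer cookie whose value carries a serialized PHP object marker. It assumes a combined-format log with the request's Cookie header appended as the last quoted field, assumes legitimate warmer cookie values are plain scalars, and uses constructed sample lines with a placeholder class name "Example".

```python
import re
from urllib.parse import unquote

# Constructed sample log lines: combined log format with the Cookie header
# appended as the final quoted field (an assumed layout, not Magento's own).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2026:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "CacheWarmer=1; PHPSESSID=abc123"
203.0.113.11 - - [01/Jan/2026:10:00:01 +0000] "GET /catalog/ HTTP/1.1" 200 5120 "CacheWarmer=O%3A7%3A%22Example%22%3A0%3A%7B%7D"
203.0.113.12 - - [01/Jan/2026:10:00:02 +0000] "GET /checkout/ HTTP/1.1" 200 5120 "-"
203.0.113.13 - - [01/Jan/2026:10:00:03 +0000] "GET /customer/account/ HTTP/1.1" 200 5120 "PHPSESSID=def456; CacheWarmer=a%3A1%3A%7Bi%3A0%3BO%3A7%3A%22Example%22%3A0%3A%7B%7D%7D"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<cookie>.*)"$'
)

# PHP's serialize() emits objects as O:<len>:"<class>": (or C:<len>:"<class>":
# for custom-serializable classes). A plain cache-warmer flag never contains this.
PHP_OBJ_RE = re.compile(r'[OC]:\d+:"[^"]*":')


def parse_cookies(header):
    """Split a Cookie header into a dict, URL-decoding each value."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name.strip()] = unquote(value.strip())
    return cookies


def looks_like_php_object(value):
    """True if the decoded value contains a serialized PHP object anywhere,
    including one nested inside a serialized array."""
    return PHP_OBJ_RE.search(value) is not None


def find_suspicious_requests(log_text, cookie_name="CacheWarmer"):
    """Return the requests whose cache-warmer cookie carries an object payload."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed log layout
        value = parse_cookies(m.group("cookie")).get(cookie_name)
        if value is not None and looks_like_php_object(value):
            hits.append({"ip": m.group("ip"), "timestamp": m.group("ts"),
                         "request": m.group("req"), "cookie_value": value})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Hits on a store still running an extension version prior to 1.11.12 should be treated as probable exploitation attempts and investigated alongside the patch rollout.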