Mirasvit Vulnerability Exploited to Execute Code on Magento Servers
A flaw in the Full Page Cache Warmer extension can be exploited without authentication via serialized PHP object payloads. The post Mirasvit Vulnerability Exploited to Execute Code on Magento Servers appeared first on SecurityWeek .
AI Analysis
Technical Summary
The Mirasvit Full Page Cache Warmer extension for Magento 2 contains a PHP object injection vulnerability (CVE-2026-45247) that allows unauthenticated attackers to remotely execute code on Magento and Adobe Commerce servers. This occurs because the extension deserializes user-supplied serialized PHP objects from the CacheWarmer cookie without restricting allowable classes, enabling exploitation via gadget chains in Magento's codebase. The vulnerability has a CVSS score of 9.8 and has been actively exploited in the wild since its public disclosure on May 26, 2026. The US CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog and mandates patching within three days for federal agencies. The vendor released version 1.11.12 to address the issue. Detection can be aided by monitoring for CacheWarmer cookies containing base64-encoded serialized objects starting with Tz, Qz, or YT.
Potential Impact
Successful exploitation leads to remote code execution on Magento and Adobe Commerce servers running vulnerable versions of the Mirasvit Cache Warmer extension. This can allow attackers to execute arbitrary code without authentication, potentially compromising the entire server and associated data. The vulnerability has been actively exploited in the wild, increasing the risk to affected organizations. Thousands of Magento stores are potentially exposed if not updated to the patched version.
Mitigation Recommendations
A patch is available in Mirasvit Cache Warmer extension version 1.11.12 and later. Organizations should immediately update to this version to remediate the vulnerability. CISA mandates federal agencies to patch within three days. Administrators can monitor for exploitation attempts by checking for CacheWarmer cookies containing base64-encoded serialized PHP objects starting with Tz, Qz, or YT as indicators of compromise. No other vendor advisories indicate alternative mitigations or that no action is required.
Mirasvit Vulnerability Exploited to Execute Code on Magento Servers
Description
A flaw in the Full Page Cache Warmer extension can be exploited without authentication via serialized PHP object payloads. The post Mirasvit Vulnerability Exploited to Execute Code on Magento Servers appeared first on SecurityWeek .
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Mirasvit Full Page Cache Warmer extension for Magento 2 contains a PHP object injection vulnerability (CVE-2026-45247) that allows unauthenticated attackers to remotely execute code on Magento and Adobe Commerce servers. This occurs because the extension deserializes user-supplied serialized PHP objects from the CacheWarmer cookie without restricting allowable classes, enabling exploitation via gadget chains in Magento's codebase. The vulnerability has a CVSS score of 9.8 and has been actively exploited in the wild since its public disclosure on May 26, 2026. The US CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog and mandates patching within three days for federal agencies. The vendor released version 1.11.12 to address the issue. Detection can be aided by monitoring for CacheWarmer cookies containing base64-encoded serialized objects starting with Tz, Qz, or YT.
Potential Impact
Successful exploitation leads to remote code execution on Magento and Adobe Commerce servers running vulnerable versions of the Mirasvit Cache Warmer extension. This can allow attackers to execute arbitrary code without authentication, potentially compromising the entire server and associated data. The vulnerability has been actively exploited in the wild, increasing the risk to affected organizations. Thousands of Magento stores are potentially exposed if not updated to the patched version.
Mitigation Recommendations
A patch is available in Mirasvit Cache Warmer extension version 1.11.12 and later. Organizations should immediately update to this version to remediate the vulnerability. CISA mandates federal agencies to patch within three days. Administrators can monitor for exploitation attempts by checking for CacheWarmer cookies containing base64-encoded serialized PHP objects starting with Tz, Qz, or YT as indicators of compromise. No other vendor advisories indicate alternative mitigations or that no action is required.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/mirasvit-vulnerability-exploited-to-execute-code-on-magento-servers/","fetched":true,"fetchedAt":"2026-06-04T12:18:39.143Z","wordCount":1044}
Threat ID: 6a216d1fe29bf47b509f374c
Added to database: 6/4/2026, 12:18:39 PM
Last enriched: 6/4/2026, 12:18:47 PM
Last updated: 6/5/2026, 5:05:01 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.