The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an urgent advisory concerning a critical vulnerability in the Mirasvit Full Page Cache Warmer extension for Magento. Tracked as CVE-2026-45247, the flaw allows unauthenticated remote code execution and poses a significant risk to eCommerce platforms built on Magento.
Exploitation of the Vulnerability
The vulnerability arises from the insecure deserialization of untrusted data, a well-known class of web application bug. An attacker crafts a malicious serialized payload and sends it in the CacheWarmer cookie of an ordinary HTTP request; the extension deserializes the cookie value on the server, which can lead to arbitrary code execution without any authentication. Magento storefronts exposed to the internet are therefore directly at risk.
Categorized under CWE-502 (Deserialization of Untrusted Data), the flaw lets an attacker execute system commands, install backdoors, or move further into the hosting environment. Given Magento's wide deployment across enterprise and mid-sized eCommerce platforms, the potential impact is substantial.
Official Response and Recommendations
CISA has incorporated CVE-2026-45247 into its Known Exploited Vulnerabilities catalog as of June 3, 2026, acknowledging its active use in attacks. Federal agencies have been mandated to address this issue by June 6, 2026, under Binding Operational Directive 22-01.
Although no link between this vulnerability and ransomware activity has yet been confirmed, its characteristics make it attractive to cybercriminals and initial access brokers. Security researchers have observed exploitation attempts in the form of modified HTTP requests that carry a crafted CacheWarmer cookie containing encoded serialized PHP objects.
Protective Measures and Future Outlook
Organizations using the Mirasvit Full Page Cache Warmer should promptly apply vendor-released patches or mitigations. In scenarios where patches are unavailable, CISA advises disabling or removing the extension to prevent potential threats.
Further defensive measures include configuring web application firewall rules to detect and block serialized PHP objects in request cookies, reviewing web server and application logs for requests whose CacheWarmer cookie value looks like serialized or encoded PHP data, and limiting access to critical endpoints. This incident underscores the ongoing threat posed by deserialization flaws in contemporary web applications and the importance of timely updates and vigilant monitoring.
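The log review described above can be automated. The following detector is an added example written for this article, not code from CISA, Mirasvit or the Magento project; it scans constructed sample access-log lines for a CacheWarmer cookie whose value, after URL decoding and an optional base64 decoding, contains a PHP serialized object marker (O:<len>:"<class>": or C:<len>:"<class>":). The log format (a combined format with the Cookie header appended as the last quoted field), the sample requests and the assumption that a benign cookie value is a simple token are all constructed for the example; the real extension's cookie layout is not documented on the page.

```python
import base64
import re
from urllib.parse import unquote

COOKIE_NAME = "CacheWarmer"  # cookie name taken from the advisory text

# Constructed sample traffic (not real logs). Format assumed: combined log
# with the request's Cookie header appended as a final quoted field.
# Line 2 carries a URL-encoded PHP object; line 3 carries the same kind of
# object base64-encoded; lines 1 and 4 are benign.
SAMPLE_LOG = r'''
203.0.113.10 - - [03/Jun/2026:10:00:01 +0000] "GET /catalog/product/view/id/42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "CacheWarmer=1; PHPSESSID=abc123"
203.0.113.11 - - [03/Jun/2026:10:00:02 +0000] "GET / HTTP/1.1" 200 8192 "-" "curl/8.0" "CacheWarmer=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A3%3A%22cmd%22%3Bs%3A2%3A%22id%22%3B%7D"
203.0.113.12 - - [03/Jun/2026:10:00:03 +0000] "GET / HTTP/1.1" 200 8192 "-" "python-requests/2.31" "CacheWarmer=Tzo4OiJzdGRDbGFzcyI6MDp7fQ%3D%3D"
203.0.113.13 - - [03/Jun/2026:10:00:04 +0000] "GET / HTTP/1.1" 200 8192 "-" "Mozilla/5.0" "other=1"
'''

# PHP serialized object (O:) or custom-serialized object (C:) at the start of
# the value or nested inside an array/object body (preceded by ';' or '{').
PHP_OBJECT_RE = re.compile(r'(?:^|[;{])[OC]:\d+:"[^"]+":')

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" "(?P<cookies>[^"]*)"$'
)


def cookie_value(cookie_header, name):
    """Return the raw value of cookie `name` from a Cookie header, or None."""
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


def decoded_candidates(raw):
    """Plausible decodings of a cookie value: URL-decoded, then base64 of that."""
    candidates = []
    url_decoded = unquote(raw)
    candidates.append(url_decoded)
    try:
        # validate=True rejects values with non-base64 characters outright
        decoded = base64.b64decode(url_decoded, validate=True)
        candidates.append(decoded.decode("latin-1"))
    except ValueError:  # binascii.Error is a ValueError subclass
        pass
    return candidates


def is_php_object_payload(raw):
    """True if any decoding of the value carries a PHP serialized object."""
    return any(PHP_OBJECT_RE.search(c) for c in decoded_candidates(raw))


def scan_log(text):
    """Return one finding per request whose CacheWarmer cookie looks like a PHP object."""
    findings = []
    for line in text.strip().splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # unparseable line; a real deployment would count these
        raw = cookie_value(match.group("cookies"), COOKIE_NAME)
        if raw is not None and is_php_object_payload(raw):
            findings.append({
                "ip": match.group("ip"),
                "ua": match.group("ua"),
                "cookie": raw[:80],
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['ip']} {finding['ua']!r} {finding['cookie']}")
```

The same marker regex, applied to the URL-decoded cookie value, is the core of a WAF rule for this cookie. Treat a hit as an indicator rather than proof: an attacker can wrap the payload in an encoding this detector does not unwrap, so the detector complements patching or removing the extension, it does not replace it. On the application side, the root-cause fix for this bug class is to never pass cookie data to PHP's unserialize(); a plain token or JSON value should be used instead.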
To protect their systems, Magento administrators should regularly review the third-party extensions they install, confirm that those extensions follow secure coding practices, and remove any that introduce avoidable risk into their applications.
