Summary
CISA reports exploitation of a critical PHP object injection vulnerability (CVE-2026-45247) in the Mirasvit Full Page Cache Warmer. The flaw allows unauthenticated attackers to achieve remote code execution by sending a malicious cookie to vulnerable e-commerce servers.
Take Action:
If you use the Mirasvit Full Page Cache Warmer on Magento, update to version 1.11.12 immediately. After updating, check your web logs for 'CacheWarmer' cookies containing base64 strings starting with Tz, Qz, or YT to see if attackers have already targeted your store.
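The log check described above, as an added example that is not part of the original article or the vendor's tooling. It assumes the access log records the request's Cookie header as a trailing quoted field (for example via Apache `%{Cookie}i` or nginx `$http_cookie`), since default log formats do not capture cookies; the sample lines are constructed.

```python
import base64
import re
from urllib.parse import quote, unquote

# Prefixes from the advisory: base64 of "O:", "C:" and "a:", the type tags
# that open a PHP-serialized object, custom-serialized object, or array.
SUSPECT_PREFIXES = ("Tz", "Qz", "YT")
COOKIE_RE = re.compile(r"CacheWarmer=([^;\s\"]+)")

def decoded_preview(value, limit=24):
    """Best-effort base64 decode of the first `limit` characters, for triage."""
    chunk = value[:limit - limit % 4]
    try:
        return base64.b64decode(chunk + "=" * (-len(chunk) % 4)).decode("latin-1")
    except ValueError:  # binascii.Error is a ValueError subclass
        return ""

def scan(lines):
    """Return (line_no, client_ip, preview) per suspicious CacheWarmer cookie."""
    hits = []
    for no, line in enumerate(lines, 1):
        for raw in COOKIE_RE.findall(line):
            value = unquote(raw)  # cookie values are often percent-encoded
            if value.startswith(SUSPECT_PREFIXES):
                hits.append((no, line.split(" ", 1)[0], decoded_preview(value)))
    return hits

def _b64(data):
    """Helper for building the constructed samples below."""
    return quote(base64.b64encode(data).decode(), safe="")

# Constructed sample lines (documentation IP ranges, inert empty structures).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "UA" "PHPSESSID=abc; CacheWarmer=1"',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "UA" "CacheWarmer=%s"' % _b64(b'O:8:"stdClass":0:{}'),
    '203.0.113.9 - - [01/Jan/2026:10:00:09 +0000] "GET / HTTP/1.1" 200 512 "-" "UA" "CacheWarmer=%s; x=1"' % _b64(b"a:0:{}"),
    '192.0.2.44 - - [01/Jan/2026:10:00:12 +0000] "GET / HTTP/1.1" 200 512 "-" "UA" "-"',
]

if __name__ == "__main__":
    for no, client, preview in scan(SAMPLE_LOG):
        print(f"line {no}: {client} CacheWarmer decodes to {preview!r}")
```

A hit means a request carried a serialized-looking cookie, not that it succeeded; use the decoded preview and the request timestamp to decide which hosts need deeper review.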
This article was originally published on BeyondMachines