The recent addition of a critical vulnerability impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog is a significant development in the cybersecurity landscape. This vulnerability, tracked as CVE-2026-45247, has a CVSS score of 9.8, indicating its high severity and potential for widespread exploitation.
What makes this issue particularly concerning is the ease with which it can be exploited. The vulnerability stems from the deserialization of untrusted data, allowing unauthenticated attackers to execute arbitrary PHP code on affected servers. This is a critical flaw, as it can be triggered by a simple crafted serialized PHP object in the CacheWarmer cookie, without requiring any authentication or admin privileges.
The impact of this vulnerability is far-reaching. It affects all versions of the Mirasvit Full Page Cache Warmer prior to version 1.11.12, and patches were released on May 25, 2026. The vulnerability has already been observed in the wild, with active attacks targeting gaming and business sites in the U.S., the U.K., France, and Australia. The attackers' goal appears to be to identify vulnerable Magento environments and confirm the possibility of remote code execution.
What makes this attack particularly insidious is the use of base64-encoded serialized objects, which are designed to trigger PHP Object Deserialization. These payloads attempt to invoke functions like system() and current() to execute arbitrary commands on the underlying server. In several observed cases, attackers used test commands to validate successful code execution, indicating a sophisticated and targeted approach.
The addition of CVE-2026-45247 to the KEV catalog is a crucial step in raising awareness and taking proactive measures. Federal Civilian Executive Branch (FCEB) agencies have been ordered to apply the fixes by June 6, 2026, and site owners are advised to audit for potential exploitation attempts. By looking for CacheWarmer cookies with values containing specific markers, such as 'CacheWarmer:(Tz|Qz|YT)', they can detect and mitigate the risk of this critical vulnerability.
This incident highlights the importance of staying vigilant and proactive in the face of evolving cybersecurity threats. It serves as a reminder that even popular and widely used software can have critical vulnerabilities, and it is essential to keep software up-to-date and implement robust security measures to protect against potential exploits.
