PT-2026-43258 · Mirasvit · Full Page Cache Warmer

Sansec · Published 2026-05-26 · Updated 2026-06-04 · CVE-2026-45247

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12

Description
An issue exists where unauthenticated attackers can achieve remote code execution by providing a crafted serialized PHP object within the CacheWarmer cookie. This is possible due to an unrestricted call to the native PHP unserialize() function, which, when combined with gadget chains in Magento and its dependencies, allows arbitrary code execution on the server. This flaw has been actively exploited in the wild and potentially exposes thousands of Magento shops worldwide.

Recommendations
Update to version 1.11.12. Review systems for indicators of compromise (IOCs). Strengthen access controls and administrative account security.
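
The unserialize() pattern from the Description next to a hardened decode, as an added example that is not the Mirasvit module's code or the vendor's 1.11.12 fix; the function names, the flat key/value cookie layout and the DemoGadget class are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout; this is not code from the Mirasvit module.

// Constructed, harmless stand-in for a gadget class: it only records that
// its magic method ran.
final class DemoGadget
{
    public static $fired = false;
    public function __destruct() { self::$fired = true; }
}

// The pattern the advisory describes: the cookie value reaches unserialize()
// unrestricted, so any loadable class is instantiated and its magic methods run.
function readCookieUnsafe(string $raw)
{
    return unserialize($raw);
}

// Hardened decode: no object instantiation, flat array of scalars only.
function readCookieHardened(string $raw): ?array
{
    if (strlen($raw) > 4096) {
        return null;                       // oversized cookie: reject early
    }
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return null;                       // parse failure, scalar, or object
    }
    foreach ($data as $value) {
        if (!is_scalar($value) && $value !== null) {
            return null;                   // nested array or __PHP_Incomplete_Class
        }
    }
    return $data;
}

$benign  = serialize(['store' => 1, 'currency' => 'EUR']);  // constructed sample
$hostile = 'O:10:"DemoGadget":0:{}';                        // constructed sample

echo 'hardened, benign:  ', json_encode(readCookieHardened($benign)), PHP_EOL;
echo 'hardened, hostile: ', json_encode(readCookieHardened($hostile)), PHP_EOL;
echo 'gadget fired:      ', json_encode(DemoGadget::$fired), PHP_EOL;
readCookieUnsafe($hostile);   // object is created, then destroyed: __destruct runs
echo 'gadget fired:      ', json_encode(DemoGadget::$fired), PHP_EOL;
```

Where a cookie only needs to carry simple values, decoding it with json_decode() avoids unserialize() entirely.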

Fix · RCE · Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers: CVE-2026-45247

Affected Products: Full Page Cache Warmer