A newly disclosed security vulnerability in a popular Magento caching extension could allow attackers to take complete control of affected online stores.
The flaw, tracked as CVE-2026-45247, has received a critical severity rating and can be exploited without authentication. Security researchers warn that thousands of Magento and Adobe Commerce stores may be at risk if the vulnerable plugin remains unpatched.
The issue affects the Mirasvit Cache Warmer extension, a tool commonly used to improve website performance by preloading cached pages for visitors.
How the Vulnerability Works
The vulnerability is caused by the plugin’s unsafe handling of data stored inside a cookie called CacheWarmer.
When a visitor sends a request to the website, the extension reads information from the cookie and rebuilds session data using PHP’s unserialize() function. Because the cookie data is controlled by the user and is not properly validated, attackers can supply specially crafted payloads that trigger malicious object creation on the server.
Researchers found that this behavior opens the door to PHP Object Injection attacks, which can eventually lead to remote code execution.
An attacker can potentially:
- Execute malicious code on the server
- Install webshells or backdoors
- Access sensitive store data
- Take control of the Magento environment
- Launch automated attacks against multiple stores
The vulnerability affects all Mirasvit Cache Warmer versions released before 1.11.12.
Thousands of Stores Potentially Affected
According to researchers, the extension is frequently bundled with other Mirasvit products, meaning some store owners may not even realize it is installed on their systems.
Security experts estimate that more than 6,000 Magento stores may be running vulnerable components, although the actual number could be higher.
The vendor was notified about the issue and quickly released version 1.11.12, which addresses the vulnerability.
Security teams should monitor web traffic for suspicious CacheWarmer cookie values containing unusual encoded data. Such activity could indicate attempted exploitation.
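One way to implement that monitoring is shown in the following Python example, which was added here and is not code from the researchers or the vendor. It flags a CacheWarmer cookie whose value contains a PHP serialized-object marker. It assumes the Cookie header is available to the detector (for example from proxy or WAF logs) and that the value may be sent as-is, URL-encoded or base64-encoded, since the article does not say which; the function names and sample headers are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote_to_bytes

COOKIE_NAME = "CacheWarmer"  # cookie name given in the article
# serialize() writes objects as O:<len>:"Class" (C: for Serializable classes).
PHP_OBJECT = re.compile(rb'(?<![A-Za-z0-9])[OC]:\+?\d+:"[A-Za-z_\\]')

def cookie_value(header, name=COOKIE_NAME):
    """Return the raw value of `name` from a Cookie header, or None."""
    for part in header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key == name:
            return value
    return None

def decoded_views(value):
    """Yield (label, bytes) for the value as sent, URL-decoded and base64-decoded.
    Which encoding the extension uses is not stated, so all three are assumed."""
    url = unquote_to_bytes(value)
    yield "raw", value.encode("utf-8", "replace")
    yield "url", url
    b64 = url.replace(b"-", b"+").replace(b"_", b"/")  # accept URL-safe alphabet
    try:
        yield "base64", base64.b64decode(b64 + b"=" * (-len(b64) % 4), validate=True)
    except (binascii.Error, ValueError):
        pass  # not base64, nothing more to inspect

def scan_cookie_header(header):
    """Return the decodings in which a serialized PHP object marker appears."""
    value = cookie_value(header)
    if value is None:
        return []
    return [label for label, data in decoded_views(value) if PHP_OBJECT.search(data)]

# Constructed sample headers; stdClass is PHP's empty built-in class.
MARKER = b'O:8:"stdClass":0:{}'
SAMPLES = {
    "benign": "PHPSESSID=abc; CacheWarmer=a1b2c3d4",
    "url": "CacheWarmer=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D",
    "base64": "PHPSESSID=abc; CacheWarmer=" + base64.b64encode(MARKER).decode(),
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, scan_cookie_header(header))
```

A hit means the request deserves review, not that the store was compromised; the upgrade to 1.11.12 remains the fix.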
Recommended Actions
Organizations using Magento or Adobe Commerce should act immediately to reduce risk.
Recommended steps include:
- Upgrade Mirasvit Cache Warmer to version 1.11.12 or later
- Review web server logs for suspicious requests
- Scan systems for webshells and backdoors
- Inspect public-facing directories for unauthorized PHP files
- Deploy a web application firewall for additional protection
- Conduct a full compromise assessment if exploitation is suspected
Because the flaw can be exploited remotely without authentication, researchers expect attack attempts to increase following public disclosure.
Store administrators are strongly encouraged to patch affected systems as soon as possible to prevent potential compromise and data theft.