
Critical PHP Object Injection Vulnerability in Mirasvit Cache Warmer

ID: 76a4b9b1-f3c9-5bee-ae96-3d1859465c57

STIX ID: report--76a4b9b1-f3c9-5bee-ae96-3d1859465c57

Feed Name: ThreatCluster

Threat Score: 90/100

Date Published: 2026-06-04

Date Updated: 2026-06-05


Sansec disclosed a critical unauthenticated PHP object injection vulnerability (CVE-2026-45247, CVSS 9.8) in Mirasvit Cache Warmer for Magento that allows remote code execution via a crafted CacheWarmer cookie. Mirasvit released patch 1.11.12 on 2026-05-25. A public PoC appeared and CISA added the CVE to its Known Exploited Vulnerabilities Catalog. Affected storefronts are estimated at ~6,000. Recommended actions: upgrade immediately to 1.11.12+, deploy detections for CacheWarmer cookies containing suspicious base64-encoded serialized objects, and monitor storefront traffic for exploitation indicators.
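One way to implement the recommended cookie detection, as an added example that is not code from Sansec, Mirasvit or this feed: it pulls the CacheWarmer cookie out of a raw Cookie header, base64-decodes it, and flags PHP `serialize()` object markers. It assumes raw Cookie header values are available (for example from proxy or WAF logs); the function names and sample headers are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import quote, unquote

COOKIE_NAME = "CacheWarmer"  # cookie named in the advisory summary

# PHP serialize() object markers, O:<len>:"<Class>":<count>:{ (C: for Serializable),
# at the start of the value or after a ';', '{' or '}' inside a container.
PHP_OBJECT = re.compile(rb'(?:^|[;{}])([OC]:\d+:"[A-Za-z_\\][A-Za-z0-9_\\]*":\d+:\{)')

def cookie_values(header, name=COOKIE_NAME):
    """Yield every value of `name` in a raw Cookie request header."""
    for part in header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key == name:
            yield value.strip('"')

def decode_b64(value):
    """Decode standard or URL-safe base64 (padding optional); None if invalid."""
    value = unquote(value).translate(str.maketrans("-_", "+/"))
    value += "=" * (-len(value) % 4)
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None

def inspect_cookie_header(header):
    """Return the object markers found in base64-decoded CacheWarmer cookies."""
    findings = []
    for raw in cookie_values(header):
        data = decode_b64(raw)
        if data:
            findings += [m.decode("latin-1") for m in PHP_OBJECT.findall(data)]
    return findings

def _b64(payload):
    return base64.b64encode(payload).decode()

# Constructed sample headers (not captured traffic, not the extension's real cookie format).
SAMPLES = {
    "no_object": "PHPSESSID=abc123; CacheWarmer=" + _b64(b'a:1:{s:4:"page";i:2;}'),
    "object": "CacheWarmer=" + _b64(b'O:12:"ExampleClass":0:{}') + "; form_key=x",
    "nested": "CacheWarmer=" + quote(_b64(b'a:1:{i:0;O:8:"stdClass":0:{}}')),
    "not_base64": "CacheWarmer=hello world!",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, inspect_cookie_header(header))
```

Anchoring the pattern on a serialization delimiter keeps an object-like string stored inside an `s:` string value from matching, which reduces false positives; a hit is a triage signal rather than proof of exploitation.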
