Cache Warmer RCE Flaw Patched in Magento Extension
ID: 35b8c081-f64f-510b-a4cd-7474d57d2726
STIX ID: report--35b8c081-f64f-510b-a4cd-7474d57d2726
Feed Name: securityonline.info
A critical unauthenticated RCE (CVE-2026-45247) in a popular full-page Cache Warmer extension for Magento/Adobe Commerce lets attackers supply crafted cookies that reach PHP's native unserialize(), resulting in PHP object injection. Researchers report roughly 6,000 compromised stores. Immediate remediation is to upgrade the extension to version 1.11.12 and to monitor server traffic for base64-encoded serialized PHP object markers beginning with Tz, Qz, or YT.
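The three markers are the base64 encodings of the PHP serialize() type tags "O:", "C:" and "a:", so a prefix match alone also hits unrelated tokens. The Python check below is an added example, not code from the original report or the extension vendor: it decodes each cookie value and confirms a serialized header before flagging it. The cookie names and sample headers are constructed, and it assumes raw Cookie header values are available from logs or a proxy.

```python
import base64
import binascii
import re

# Base64 of the PHP serialize() type tags "O:", "C:" and "a:" starts with these.
MARKERS = ("Tz", "Qz", "YT")
# Decoded payload must open like a serialized object, custom-serialized
# object, or array, e.g. O:8:"stdClass":0:{} or a:1:{...}
SERIALIZED = re.compile(rb'^(?:[OC]:\d+:"[^"]+":\d+:\{|a:\d+:\{)')


def parse_cookies(header):
    """Split a Cookie header value into (name, value) pairs."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name, value))
    return pairs


def is_serialized_php(value):
    """True if a cookie value is base64 that decodes to serialized PHP."""
    value = value.replace("%3D", "=").replace("%3d", "=")  # URL-encoded padding
    if not value.startswith(MARKERS):
        return False
    padded = value + "=" * (-len(value) % 4)  # tolerate stripped padding
    try:
        decoded = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return False
    return bool(SERIALIZED.match(decoded))


def suspicious_cookies(header):
    """Names of cookies in one Cookie header that carry serialized PHP."""
    return [n for n, v in parse_cookies(header) if is_serialized_php(v)]


# Constructed sample headers (benign payloads, hypothetical cookie names).
SAMPLES = [
    "PHPSESSID=8f3b2c1d; warm=" + base64.b64encode(b'O:8:"stdClass":0:{}').decode(),
    "prefs=" + base64.b64encode(b'a:1:{s:1:"k";s:1:"v";}').decode(),
    "token=TzXk9Qm2; theme=dark",  # marker prefix only, not serialized PHP
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(suspicious_cookies(h), "<-", h)
```

A serialized array in a cookie can be legitimate application behaviour, so hits on the YT marker need triage against what the store's own code sets.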
