Attack Chain

1. An unauthenticated attacker crafts a serialized PHP object containing a malicious payload.
2. The attacker injects this serialized PHP object into the CacheWarmer cookie within an HTTP request to the Magento 2 server.
3. The Magento 2 application receives the HTTP request containing the malicious cookie.
4. The Mirasvit Full Page Cache Warmer extension processes the request and extracts the CacheWarmer cookie value.
5. The application calls the PHP unserialize() function on the contents of the CacheWarmer cookie.
6. The unserialize() function instantiates objects based on the injected serialized data, triggering a pre-existing “gadget chain” within Magento or its dependencies.
7. The gadget chain executes arbitrary PHP code specified within the malicious object.
8. The attacker achieves remote code execution on the Magento 2 server, potentially leading to full system compromise.

Impact

Successful exploitation of CVE-2026-45247 allows an unauthenticated attacker to achieve remote code execution on the Magento 2 server. This can result in complete compromise of the e-commerce platform, including theft of sensitive customer data (e.g., credit card information, personal details), modification of website content, deployment of malicious code, and denial-of-service attacks. Given the severity of the vulnerability and ease of exploitation, all e-commerce businesses using the affected Mirasvit extension are at high risk.

Recommendation

• Upgrade Mirasvit Full Page Cache Warmer for Magento 2 to version 1.11.12 or later to patch CVE-2026-45247 (reference: Mirasvit changelog in the References section).
• Deploy the Sigma rule “Detect CVE-2026-45247 Exploitation Attempt via CacheWarmer Cookie” to detect attempts to exploit this vulnerability (reference: rule below).
• Implement input validation and sanitization for cookie values to prevent object injection attacks.
• Consider disabling the Mirasvit Full Page Cache Warmer extension temporarily if an immediate upgrade is not possible.