{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/mirasvit/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-45247"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Full Page Cache Warmer for Magento 2","Magento"],"_cs_severities":["critical"],"_cs_tags":["php-object-injection","rce","magento","web-application","cve-2026-45247"],"_cs_type":"advisory","_cs_vendors":["Mirasvit","Magento"],"content_html":"\u003cp\u003eCVE-2026-45247 is a critical vulnerability affecting Mirasvit Full Page Cache Warmer for Magento 2, specifically versions prior to 1.11.12. The vulnerability is a PHP object injection flaw that enables unauthenticated attackers to execute arbitrary code remotely. This is achieved by injecting a malicious, serialized PHP object into the CacheWarmer cookie. The application\u0026rsquo;s unsafe use of the \u003ccode\u003eunserialize()\u003c/code\u003e function, in conjunction with available gadget chains within Magento and its dependencies, allows attackers to execute code on the server. This poses a significant risk to e-commerce sites utilizing the affected versions of the Mirasvit cache warmer.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker crafts a serialized PHP object containing a malicious payload.\u003c/li\u003e\n\u003cli\u003eThe attacker injects this serialized PHP object into the \u003ccode\u003eCacheWarmer\u003c/code\u003e cookie within an HTTP request to the Magento 2 server.\u003c/li\u003e\n\u003cli\u003eThe Magento 2 application receives the HTTP request containing the malicious cookie.\u003c/li\u003e\n\u003cli\u003eThe Mirasvit Full Page Cache Warmer extension processes the request and extracts the \u003ccode\u003eCacheWarmer\u003c/code\u003e cookie value.\u003c/li\u003e\n\u003cli\u003eThe application calls the PHP \u003ccode\u003eunserialize()\u003c/code\u003e function on the contents of the \u003ccode\u003eCacheWarmer\u003c/code\u003e cookie.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eunserialize()\u003c/code\u003e function instantiates objects based on the injected serialized data, triggering a pre-existing \u0026ldquo;gadget chain\u0026rdquo; within Magento or its dependencies.\u003c/li\u003e\n\u003cli\u003eThe gadget chain executes arbitrary PHP code specified within the malicious object.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves remote code execution on the Magento 2 server, potentially leading to full system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-45247 allows an unauthenticated attacker to achieve remote code execution on the Magento 2 server. This can result in complete compromise of the e-commerce platform, including theft of sensitive customer data (e.g., credit card information, personal details), modification of website content, deployment of malicious code, and denial-of-service attacks. Given the severity of the vulnerability and ease of exploitation, all e-commerce businesses using the affected Mirasvit extension are at high risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Mirasvit Full Page Cache Warmer for Magento 2 to version 1.11.12 or later to patch CVE-2026-45247 (reference: Mirasvit changelog in the References section).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-45247 Exploitation Attempt via CacheWarmer Cookie\u0026rdquo; to detect attempts to exploit this vulnerability (reference: rule below).\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for cookie values to prevent object injection attacks.\u003c/li\u003e\n\u003cli\u003eConsider disabling the Mirasvit Full Page Cache Warmer extension temporarily if an immediate upgrade is not possible.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T15:20:42Z","date_published":"2026-05-26T15:20:42Z","id":"https://feed.craftedsignal.io/briefs/2026-05-mirasvit-rce/","summary":"Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability (CVE-2026-45247) that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie.","title":"Mirasvit Full Page Cache Warmer for Magento 2 PHP Object Injection RCE (CVE-2026-45247)","url":"https://feed.craftedsignal.io/briefs/2026-05-mirasvit-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Mirasvit","version":"https://jsonfeed.org/version/1.1"}