CVE-2026-45247
PHP Object Injection in Mirasvit Full Page Cache Warmer for Magento 2

Publication date: 2026-05-26

Last updated on: 2026-06-03

Assigner: VulnCheck

Description
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.
Meta Information
Generated: 2026-06-15
AI Q&A: 2026-05-26
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor: mirasvit
Product: full_page_cache_warmer
Version / Range: up to 1.11.12 (excluding 1.11.12)
CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
AI Quick Actions (insights generated by AI)
Executive Summary

CVE-2026-45247 is a PHP object injection vulnerability in the Mirasvit Full Page Cache Warmer extension for Magento 2 versions before 1.11.12. It occurs because the extension unserializes attacker-controlled data from a cookie named CacheWarmer without proper validation. This allows unauthenticated attackers to supply a crafted serialized PHP object that, when deserialized, can trigger malicious code execution on the server.

Exploitation relies on the unrestricted use of PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies, which enables remote code execution without any authentication or admin access.

Impact Analysis

This vulnerability can have severe impacts as it allows attackers to execute arbitrary code remotely on the affected server. Since no authentication is required, attackers can exploit this flaw simply by sending a specially crafted cookie to any storefront page.

  • Remote code execution on the server hosting the Magento store.
  • Potential full compromise of the affected system, including unauthorized access to data and control over server operations.
  • Possibility of deploying malware, defacing websites, stealing sensitive customer information, or disrupting business operations.

Because the flaw is easy to exploit and exploitation can be automated, it poses an urgent security risk to merchants running vulnerable versions.

Detection Guidance

Exploitation attempts can be detected by monitoring for HTTP requests that carry a CacheWarmer cookie containing serialized PHP objects. Such cookies often hold base64-encoded strings beginning with markers like Tz, Qz, or YT.

To detect potential exploitation attempts on your network or system, you can inspect incoming HTTP requests for suspicious CacheWarmer cookies that contain these base64-encoded serialized objects.

  • Use network monitoring tools or web server logs to search for requests carrying the CacheWarmer cookie. Note that Apache's default combined log format does not record cookies; the Cookie request header has to be added to the LogFormat (for example with %{Cookie}i) before the log search below can find anything.
  • Example command to search web server logs for suspicious CacheWarmer cookies (assuming Apache logs with cookies recorded); anchoring the markers to the cookie value avoids matching those letters elsewhere in the line: grep -E 'CacheWarmer=(Tz|Qz|YT)' /var/log/apache2/access.log
  • Use tools like tcpdump or Wireshark to capture HTTP traffic and filter for requests containing the CacheWarmer cookie.
  • Deploy specialized scanning tools such as eComscan to detect signs of compromise related to this vulnerability.

Mitigation Strategies

The most immediate and effective mitigation is to update the Mirasvit Full Page Cache Warmer extension to version 1.11.12 or later, which contains the patch for this vulnerability.

Additional immediate steps include deploying real-time protection solutions such as Sansec Shield to block exploitation attempts and scanning your system for signs of compromise.

  • Update the Mirasvit Cache Warmer extension to version 1.11.12 or later.
  • Deploy real-time protection tools like Sansec Shield.
  • Use scanning tools such as eComscan to detect any compromise.
  • Review web-accessible directories for unauthorized PHP files or other suspicious artifacts.

Compliance Impact

The provided context and resources do not explicitly mention the impact of CVE-2026-45247 on compliance with common standards and regulations such as GDPR or HIPAA.
