CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 04, 2026

CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks

Cybersecurity News Archived Jun 04, 2026 ✓ Full text saved

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical remote code execution vulnerability affecting the Mirasvit Full Page Cache Warmer extension for Magento, tracked as CVE-2026-45247. The flaw, stemming from insecure deserialization of untrusted data, is now being actively exploited in real-world attacks, raising concerns across eCommerce environments […] The post CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks By Abinaya June 4, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical remote code execution vulnerability affecting the Mirasvit Full Page Cache Warmer extension for Magento, tracked as CVE-2026-45247. The flaw, stemming from insecure deserialization of untrusted data, is now being actively exploited in real-world attacks, raising concerns across eCommerce environments that rely on Magento platforms. According to CISA, the vulnerability exists in how the extension processes serialized PHP objects received through the CacheWarmer cookie. An unauthenticated attacker can craft a malicious serialized payload and send it via this cookie, triggering unsafe deserialization on the server. This behavior allows arbitrary code execution without requiring valid credentials, making it particularly dangerous for internet-facing Magento stores. Magento Cache Warmer RCE flaw Exploited The issue has been classified under CWE-502, which covers deserialization of untrusted data, a well-known class of vulnerabilities frequently abused in web applications. When exploited, attackers can execute system commands, deploy backdoors, or pivot deeper into the hosting environment. Given Magento’s widespread use in enterprise and mid-sized eCommerce deployments, the attack surface is significant. CISA added CVE-2026-45247 to its Known Exploited Vulnerabilities (KEV) catalog on June 3, 2026, confirming active exploitation. Federal agencies and organizations are required to remediate the issue by June 6, 2026, under Binding Operational Directive (BOD) 22-01. While there is currently no public confirmation linking this flaw to ransomware campaigns, the nature of the vulnerability makes it highly attractive for initial access brokers and financially motivated threat actors. Security researchers note that exploitation attempts may include suspicious HTTP requests containing a manipulated “CacheWarmer” cookie with encoded PHP object payloads. Indicators of compromise may involve unexpected web server processes, unauthorized file creation within Magento directories, or outbound connections to unknown IP addresses following exploitation. Logs may reveal abnormal cookie values or repeated requests targeting cache warming endpoints. Organizations using the Mirasvit Full Page Cache Warmer extension are strongly advised to apply vendor-provided patches or mitigations immediately. If no fix is available, CISA recommends disabling or removing the affected component entirely to eliminate exposure. Additional defensive measures include implementing web application firewall rules to inspect and block malicious serialized input, monitoring application logs for anomalies, and restricting access to sensitive endpoints. This incident highlights the continued risk posed by insecure deserialization flaws in modern web applications. As attackers increasingly automate the exploitation of newly disclosed vulnerabilities, timely patching and proactive monitoring remain critical to defending production environments. Magento administrators, in particular, should review third-party extensions regularly to ensure they meet secure coding standards and do not introduce hidden attack vectors into otherwise hardened systems. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Mustang Panda Deploys PlugX RAT Through Multi-Stage LNK and PowerShell Attack Chain WordPress Malware Abuses Steam Community Profiles for C2 Operations Threat Actor Uses Stolen Gemini API Keys to Automate Telegram Influence Campaign Bots Surpass Humans in Global Web Traffic for the First Time in Internet History GitLab Patches Multiple Duo AI, DoS, and Authorization Flaws in Community and Enterprise Edition Latest News Cyber Security News Cybercriminals Shift From Fake Login Pages to Infostealer Malware in Phishing Attacks Cyber Security News Proofpoint Warns TA4922 Deploys Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT ChatGPT Weaponized ChatGPT Download Site Delivers Malware Via Sponsored Search Results Cyber Security News Kali365 PhaaS Operation Expands Beyond Microsoft 365 to Target Okta and MAX Messenger Cyber Security News Payouts King Ransomware Evades EDR With Obfuscation and Direct System Calls
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 04, 2026
    Archived
    Jun 04, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗