CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks
Cybersecurity NewsArchived Jun 04, 2026✓ Full text saved
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical remote code execution vulnerability affecting the Mirasvit Full Page Cache Warmer extension for Magento, tracked as CVE-2026-45247. The flaw, stemming from insecure deserialization of untrusted data, is now being actively exploited in real-world attacks, raising concerns across eCommerce environments […] The post CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security News
CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks
By Abinaya
June 4, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical remote code execution vulnerability affecting the Mirasvit Full Page Cache Warmer extension for Magento, tracked as CVE-2026-45247.
The flaw, stemming from insecure deserialization of untrusted data, is now being actively exploited in real-world attacks, raising concerns across eCommerce environments that rely on Magento platforms.
According to CISA, the vulnerability exists in how the extension processes serialized PHP objects received through the CacheWarmer cookie.
An unauthenticated attacker can craft a malicious serialized payload and send it via this cookie, triggering unsafe deserialization on the server.
This behavior allows arbitrary code execution without requiring valid credentials, making it particularly dangerous for internet-facing Magento stores.
Magento Cache Warmer RCE flaw Exploited
The issue has been classified under CWE-502, which covers deserialization of untrusted data, a well-known class of vulnerabilities frequently abused in web applications.
When exploited, attackers can execute system commands, deploy backdoors, or pivot deeper into the hosting environment. Given Magento’s widespread use in enterprise and mid-sized eCommerce deployments, the attack surface is significant.
CISA added CVE-2026-45247 to its Known Exploited Vulnerabilities (KEV) catalog on June 3, 2026, confirming active exploitation.
Federal agencies and organizations are required to remediate the issue by June 6, 2026, under Binding Operational Directive (BOD) 22-01.
While there is currently no public confirmation linking this flaw to ransomware campaigns, the nature of the vulnerability makes it highly attractive for initial access brokers and financially motivated threat actors.
Security researchers note that exploitation attempts may include suspicious HTTP requests containing a manipulated “CacheWarmer” cookie with encoded PHP object payloads.
Indicators of compromise may involve unexpected web server processes, unauthorized file creation within Magento directories, or outbound connections to unknown IP addresses following exploitation.
Logs may reveal abnormal cookie values or repeated requests targeting cache warming endpoints. Organizations using the Mirasvit Full Page Cache Warmer extension are strongly advised to apply vendor-provided patches or mitigations immediately.
If no fix is available, CISA recommends disabling or removing the affected component entirely to eliminate exposure.
Additional defensive measures include implementing web application firewall rules to inspect and block malicious serialized input, monitoring application logs for anomalies, and restricting access to sensitive endpoints.
This incident highlights the continued risk posed by insecure deserialization flaws in modern web applications. As attackers increasingly automate the exploitation of newly disclosed vulnerabilities, timely patching and proactive monitoring remain critical to defending production environments.
Magento administrators, in particular, should review third-party extensions regularly to ensure they meet secure coding standards and do not introduce hidden attack vectors into otherwise hardened systems.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Abinayahttps://cybersecuritynews.com/
Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.
Trending News
Mustang Panda Deploys PlugX RAT Through Multi-Stage LNK and PowerShell Attack Chain
WordPress Malware Abuses Steam Community Profiles for C2 Operations
Threat Actor Uses Stolen Gemini API Keys to Automate Telegram Influence Campaign
Bots Surpass Humans in Global Web Traffic for the First Time in Internet History
GitLab Patches Multiple Duo AI, DoS, and Authorization Flaws in Community and Enterprise Edition
Latest News
Cyber Security News
Cybercriminals Shift From Fake Login Pages to Infostealer Malware in Phishing Attacks
Cyber Security News
Proofpoint Warns TA4922 Deploys Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT
ChatGPT
Weaponized ChatGPT Download Site Delivers Malware Via Sponsored Search Results
Cyber Security News
Kali365 PhaaS Operation Expands Beyond Microsoft 365 to Target Okta and MAX Messenger
Cyber Security News
Payouts King Ransomware Evades EDR With Obfuscation and Direct System Calls