The US cybersecurity agency CISA has urged federal agencies to promptly patch a critical vulnerability in the Mirasvit Full Page Cache Warmer for Magento 2 extension, which has been exploited for remote code execution. The vulnerability, tracked as CVE-2026-45247, affects all versions prior to 1.11.12 and poses significant risks to numerous Magento and Adobe Commerce stores.
The critical-severity vulnerability CVE-2026-45247 in the Mirasvit Full Page Cache Warmer for Magento 2, which allows remote code execution without authentication, necessitates immediate patching to version 1.11.12 or newer to mitigate the risk. Identifying potential exploitation involves checking for CacheWarmer cookies with base64-encoded serialized PHP objects. As a cybersecurity professional, you should prioritize patching this vulnerability and monitor for indicators of compromise to protect against potential attacks.