Exploit for Deserialization of Untrusted Data in Mirasvit Full_Page_Cache_Warmer

markdown CVE-2026-45247 - Mirasvit Full Page Cache Warmer for...

CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation in the wild. The...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-45247link is external Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector...

Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability

Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie...

VulnCheck KEV: CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

EUVD-2026-31837

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

CVE-2026-45247 Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

CVE-2026-45247 Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

CVE-2026-45247

Summary: CVE-2026-45247 affects Mirasvit Full Page Cache Warmer for Magento 2 (pre‑1.11.12). The vulnerability arises from an unsafe PHP deserialization: a crafted serialized object placed in the CacheWarmer cookie is passed to PHP’s unserialize() without class restrictions, enabling unauthentica...

Mirasvit Full Page Cache Warmer for Magento 2 代码问题漏洞

Mirasvit Full Page Cache Warmer for Magento 2 is a caching preheating extension developed by the American company Mirasvit for Magento 2. Versions prior to 1.11.12 of Mirasvit Full Page Cache Warmer for Magento 2 contained a code vulnerability. This vulnerability stemmed from the lack of...

PT-2026-43258

Name of the Vulnerable Software and Affected Versions Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12 Description A PHP object injection issue exists due to the unrestricted use of the native unserialize function. Unauthenticated attackers can achieve remote code execution...

EUVD-2017-5824

Malware in sbrugna...

EUVD-2017-5823

Malware in sbrugna...

VulnCheck KEV: CVE-2017-14321

Multiple cross-site scripting XSS vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the 1 customer name or 2 subject in a ticket...

Mirasvit Helpdesk MX Code Execution Vulnerability

Mirasvit Helpdesk MX is a set of extension support platform for Magento e-commerce system from Mirasvit. The platform provides a variety of extension modules for Magento. A security vulnerability exists in Mirasvit Helpdesk MX versions prior to 1.5.3. A remote attacker can exploit the vulnerabili...

Mirasvit Helpdesk MX Cross-Site Scripting Vulnerability

Mirasvit Helpdesk MX is a set of extension support platform for Magento e-commerce system from Mirasvit. The platform provides a variety of extension modules for Magento. A cross-site scripting vulnerability exists in the administration interface of Mirasvit Helpdesk MX versions prior to 1.5.3. A...

Code injection

Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files...