{"id":226524,"date":"2026-06-05T03:15:07","date_gmt":"2026-06-05T07:15:07","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/05\/u-s-cisa-adds-mirasvit-full-page-cache-warmer-flaw-to-its-known-exploited-vulnerabilities-catalog\/"},"modified":"2026-06-05T03:15:12","modified_gmt":"2026-06-05T07:15:12","slug":"u-s-cisa-adds-mirasvit-full-page-cache-warmer-flaw-to-its-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/05\/u-s-cisa-adds-mirasvit-full-page-cache-warmer-flaw-to-its-known-exploited-vulnerabilities-catalog\/","title":{"rendered":"U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/193156\/security\/u-s-cisa-adds-mirasvit-full-page-cache-warmer-flaw-to-its-known-exploited-vulnerabilities-catalog.html\">U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/193156\/security\/u-s-cisa-adds-mirasvit-full-page-cache-warmer-flaw-to-its-known-exploited-vulnerabilities-catalog.html\">https:\/\/securityaffairs.com\/193156\/security\/u-s-cisa-adds-mirasvit-full-page-cache-warmer-flaw-to-its-known-exploited-vulnerabilities-catalog.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-04 13:10:17<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included the Mirasvit Full Page Cache Warmer flaw, designated as CVE-2026-45247, in its Known Exploited Vulnerabilities catalog. This critical vulnerability, scoring a 9.3 on the CVSS scale, concerns a PHP object injection vulnerability present in versions of the Mirasvit extension for Magento 2 that are earlier than 1.11.12. 
Unauthenticated attackers can exploit this vulnerability by sending a specially crafted serialized PHP object in the CacheWarmer cookie. This can lead to remote code execution (RCE) and, in turn, complete control of the server by the attacker. The flaw was discovered by Sansec researchers, and exploitation attempts can be detected through suspicious CacheWarmer cookie values containing base64-encoded serialized PHP objects. Under Binding Operational Directive (BOD) 22-01, CISA requires federal agencies to address this vulnerability by June 6, 2026, and encourages private organizations to follow suit.<\/p>\n<p>Key Points:<br \/>\n&#8211; CVE-2026-45247 is a critical PHP object injection vulnerability in Mirasvit Full Page Cache Warmer for Magento.<br \/>\n&#8211; The flaw allows remote code execution without any authentication.<br \/>\n&#8211; CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog.<br \/>\n&#8211; Attempted exploitation can be identified by unusual CacheWarmer cookie values containing base64-encoded serialized PHP objects.<br \/>\n&#8211; Federal agencies have a deadline of June 6, 2026, to patch this vulnerability as mandated by BOD 22-01.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>U.S. 
CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog&#8230;<\/p>\n","protected":false},"author":1,"featured_media":226525,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-226524","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226524"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=226524"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226524\/revisions"}],"predecessor-version":[{"id":226526,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226524\/revisions\/226526"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/226525"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=226524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=226524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=226524"}],"curies":[{"name":"wp","href":"htt
ps:\/\/api.w.org\/{rel}","templated":true}]}}