๐—–๐—ฟ๐—ถ๐˜๐—ถ๐—ฐ๐—ฎ๐—น ๐— ๐—ฎ๐—ด๐—ฒ๐—ป๐˜๐—ผ ๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐—”๐—น๐—ฒ๐—ฟ๐˜: ๐—œ๐˜€ ๐˜†๐—ผ๐˜‚๐—ฟ ๐˜€๐˜๐—ผ๐—ฟ๐—ฒ ๐—ฝ๐—ฟ๐—ผ๐˜๐—ฒ๐—ฐ๐˜๐—ฒ๐—ฑ?

In progress, scheduled on 27.05.2026
Security researchers at Sansec have uncovered a critical vulnerability in the popular Mirasvit Cache Warmer extension for Magento Open Source. The flaw allows unauthenticated remote code execution (RCE) through a specially crafted cookie on any storefront page.

The vulnerability, tracked as CVE-2026-45247 and rated 9.8 Critical, affects all Mirasvit Cache Warmer versions before 1.11.12.

๐—ช๐—ต๐˜† ๐˜๐—ต๐—ถ๐˜€ ๐—บ๐—ฎ๐˜๐˜๐—ฒ๐—ฟ๐˜€ ๐Ÿ‘‡
Third-party Magento extensions can significantly improve performance and functionality, but when left unpatched or poorly maintained, they may also introduce serious security risks, including:
🔸 Remote Code Execution (RCE)
🔸 SQL Injection
🔸 Cross-Site Scripting (XSS)
🔸 Malware & Backdoor Injections
🔸 Data Leaks

๐—ช๐—ต๐—ฎ๐˜ ๐˜†๐—ผ๐˜‚ ๐˜€๐—ต๐—ผ๐˜‚๐—น๐—ฑ ๐—ฑ๐—ผ ๐—ถ๐—บ๐—บ๐—ฒ๐—ฑ๐—ถ๐—ฎ๐˜๐—ฒ๐—น๐˜†:
1๏ธโƒฃ Check whether your Magento environment is running the Mirasvit Cache Warmer extension
2๏ธโƒฃ Update to version 1.11.12 or later immediately
3๏ธโƒฃ Review your logs for suspicious CacheWarmer cookie activity
4๏ธโƒฃ Scan your environment for potential compromise or malicious PHP files

At Hosted Power, we strongly believe that high-performance Magento hosting should also mean enterprise-grade security. That's why we continuously monitor infrastructure, support proactive patch management and help Magento merchants keep their environments secure, scalable and stable.

👉 Read the full Sansec advisory here:
https://lnkd.in/eF23As9a
Related servers / services:
Magento servers