CRITICAL
Mirasvit
CVE published 2026-05-26
CVE-2026-45247
CVE-2026-45247 documents a critical PHP object injection vulnerability in Mirasvit Full Page Cache Warmer for Magento 2, affecting versions prior to 1.11.12. The vulnerability stems from an unrestricted call to PHP's native unserialize() function on attacker-controlled input passed via the CacheWarmer cookie. Unauthenticated remote attackers can supply crafted serialized PHP objects to trigger gadget chai [truncated]