03 June 2026
Reference: CVE-2026-45247
1. What is being reported?
The Mirasvit Full Page Cache Warmer plugin for Magento 2, before version 1.11.12, has a serious weakness. It improperly handles certain data in a way that lets attackers send specially crafted information to the website, which then runs malicious commands on the server. This can happen without any user authentication.
2. What this means in plain English
If your website uses this plugin and is not updated, attackers could take control of your website remotely. This could lead to data theft, website downtime, or other harmful impacts on your business operations.
3. Could this affect a small business?
Small businesses using Magento 2 with the Mirasvit Full Page Cache Warmer plugin before version 1.11.12 are at risk. If you do not use this plugin or have updated it, you are likely not affected.
4. What to do now
- Check if your website uses the Mirasvit Full Page Cache Warmer plugin for Magento 2.
- If it does, verify the plugin version and update it to version 1.11.12 or later as soon as possible.
- If an update is not available, consider disabling or removing the plugin until a fix is provided.
- Ask your IT provider to apply any recommended mitigations and follow official security guidance for your hosting environment.
5. Ask your IT provider
Can you confirm if our Magento 2 website uses the Mirasvit Full Page Cache Warmer plugin, and if so, has it been updated to version 1.11.12 or later to fix the critical security vulnerability?
6. Bottom line
Update or remove the vulnerable plugin immediately to protect your website from remote attacks.
Information based on CISA KEV, NVD, and reputable security reporting.