CVE Catalog
CVE-2026-57623
CriticalCVSS 9.0Summary
The W3 Total Cache plugin versions up to 2.9.4 contain a critical vulnerability allowing unauthenticated remote arbitrary code execution. The flaw stems from insufficient input validation in the caching mechanism.
Risk Assessment
An attacker can take over the web server, steal data, install malware, or completely disrupt the website's operation without needing any credentials.
Recommendation
Immediately update the W3 Total Cache plugin to the latest available version (>= 2.9.5). If an update is not possible, temporarily disable the plugin until a patch is released.
Original NVD description (English source)
Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 2.9.4 versions.

