CVE Catalog

CVE-2026-57623

Critical · CVSS 9.0
Summary

Versions of the W3 Total Cache plugin up to and including 2.9.4 contain a critical vulnerability that allows unauthenticated remote arbitrary code execution. The flaw stems from insufficient input validation in the caching mechanism.

Risk Assessment

An attacker can take over the web server, steal data, install malware, or completely disrupt the website's operation without needing any credentials.

Recommendation

Immediately update the W3 Total Cache plugin to the latest available version (>= 2.9.5). If an update is not possible, temporarily disable the plugin until a patch is released.

Original NVD description (English source)

Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 2.9.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS