CISA has added CVE-2026-45247 affecting Mirasvit Cache Warmer for Magento to its Known Exploited Vulnerabilities catalog after reports of active exploitation. The flaw allows unauthenticated remote code execution through a crafted CacheWarmer cookie and has been observed in attacks targeting Magento stores worldwide. #CVE-2026-45247 #Mirasvit #Magento #CISA #Sansec #Imperva
Keypoints
- CVE-2026-45247 affects Mirasvit Cache Warmer versions before 1.11.12.
- The flaw is a deserialization issue that can lead to remote code execution.
- Attackers can exploit it with a crafted CacheWarmer cookie in storefront requests.
- Sansec and Imperva reported active exploitation using serialized PHP object payloads.
- FCEB agencies must apply the fix by June 6, 2026, and sites should inspect CacheWarmer cookies for signs of attack.
Read More: https://thehackernews.com/2026/06/cisa-adds-exploited-magento-rce-flaw.html