CISA has added CVE-2026-45247, a critical remote code execution vulnerability in the Mirasvit Cache Warmer Magento extension, to its Known Exploited Vulnerabilities catalogue following confirmed active exploitation. The flaw, scoring 9.8 on the CVSS scale, stems from insecure deserialisation of untrusted data, allowing an attacker to execute arbitrary code on affected systems. Any organisation running this extension on their Magento e-commerce platform should treat this as an urgent remediation priority.

Architect’s Take: Audit your Magento deployments immediately for the Mirasvit Cache Warmer extension and apply the vendor patch or remove the extension if no patch is available. Given active exploitation, also review web application firewall rules and inspect recent server logs for anomalous deserialisation payloads or unexpected outbound connections.

Original advisory: CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

A critical vulnerability in the Mirasvit Full Page Cache Warmer extension for Magento/Adobe Commerce allows unauthenticated attackers to execute arbitrary code on affected servers. The flaw stems from unsafe deserialisation of a crafted PHP object passed via the CacheWarmer cookie, requiring no login or prior access. This vulnerability is actively being exploited in the wild, confirmed by CISA’s inclusion in its Known Exploited Vulnerabilities catalogue.

Architect’s Take: Identify any Magento or Adobe Commerce instances running the Mirasvit Full Page Cache Warmer extension and apply the vendor patch immediately ahead of the 6 June 2026 remediation deadline. Where patching is not immediately possible, implement a WAF rule to inspect and block malicious serialised PHP objects in the CacheWarmer cookie as an interim control.

Original advisory: CVE-2026-45247: Mirasvit Mirasvit Full Page Cache Warmer