CVE-2026-45247: Mirasvit Cache Warmer RCE Flaw
🔴 Critical | Source: CISA Known Exploited Vulnerabilities A critical vulnerability in the Mirasvit Full Page Cache Warmer extension for Magento/Adobe Commerce allows unauthenticated attackers to execute arbitrary code on affected servers. The flaw stems from unsafe deserialisation of a crafted PHP object passed via the CacheWarmer cookie, requiring no login or prior access. This vulnerability is actively being exploited in the wild, confirmed by CISA’s inclusion in its Known Exploited Vulnerabilities catalogue. ...