CYBERHAWK / CVE / CVE-2026-45247

CVE-2026-45247

Mirasvit Full Page Cache Warmer

ACTIVELY EXPLOITED (KEV) vibe

The flaw

Deserialization of untrusted data allows remote code execution via crafted PHP object in cookie.

What to do

Update to latest version or disable plugin immediately

▸ Scan my repo for CVE-2026-45247

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

In the news

CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV CatalogThe Hacker News · 2026-06-03
Imperva Customers Protected Against CVE-2026-45247 in Mirasvit Full Page Cache Warmer for MagentoSecurity Boulevard · 2026-05-30
Mirasvit Vulnerability Exploited to Execute Code on Magento ServersSecurityWeek · 2026-06-04

First seen 2026-06-05 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits