CISA has added CVE-2026-45247 to its Known Exploited Vulnerabilities catalog after confirming active exploitation of a critical remote code execution flaw in Mirasvit Cache Warmer. The vulnerability affects this popular Magento full-page cache extension and carries a CVSS score of 9.8, placing it in the critical severity range.
The flaw stems from unsafe deserialization of untrusted data within the extension. Attackers exploit this weakness to execute arbitrary code on vulnerable servers without authentication. Because Mirasvit Cache Warmer is widely deployed across Magento installations, both Magento Community Edition and Enterprise Edition users face exposure.
CISA's addition to the KEV catalog signals that federal agencies must address this vulnerability immediately. Private organizations handling sensitive data should treat this with equivalent urgency. The catalog lists vulnerabilities confirmed to be exploited in active attacks.
Magento store owners should prioritize patching or disabling the Mirasvit Cache Warmer extension. The extension's developers have released patches addressing the deserialization issue. Organizations unable to apply updates immediately should isolate affected systems or restrict network access to administrative interfaces.
E-commerce platforms represent high-value targets for attackers seeking payment card data, customer information, and operational access. A successful RCE attack on a Magento site can lead to data theft, malware installation, and complete site compromise. The active exploitation confirmed by CISA indicates attackers are actively scanning for unpatched Magento installations running vulnerable versions of this extension.
Store operators should audit their Magento deployments for Mirasvit Cache Warmer presence, verify installed versions against patch notices, and implement version upgrades immediately. Web application firewalls may provide temporary mitigation if patching is delayed, though this does not replace proper updates.