A critical remote code execution flaw in the Mirasvit Cache Warmer Magento extension, identified as CVE-2026-45247, has been added to the U.S. Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog due to active exploitation in the wild. This vulnerability, with a CVSS score of 9.8, allows for deserialization of untrusted data, posing a significant threat to affected systems. The addition to the KEV catalog by CISA indicates a high level of concern and warrants immediate attention from administrators using the affected extension. As the vulnerability is being actively exploited, patching is considered a priority1. The high severity of this flaw and its active exploitation status make it a critical concern for practitioners, who should take immediate action to patch or mitigate the vulnerability to prevent potential attacks, as the exploitation status determines the urgency of the response.
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
⚠️ Critical Alert
Why This Matters
CVE-2026-45247 is in active discussion involving CISA — exploitation status determines whether this is patch-now or monitor.
References
- The Hacker News. (2026, June 4). CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog. *The Hacker News*. https://thehackernews.com/2026/06/cisa-adds-exploited-magento-rce-flaw.html
Original Source
The Hacker News
Read original →