A critical PHP object injection vulnerability, tracked as CVE-2026-45247, has been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalog [1]. The flaw affects Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12 and allows unauthenticated attackers to send specially crafted requests. With a CVSS score of 9.3, this vulnerability is considered highly severe. CISA's addition of the vulnerability to its catalog indicates that it is being actively exploited in the wild, so administrators of affected systems should prioritize patching to prevent potential attacks. The exploitation status of CVE-2026-45247 will determine whether this is a patch-now or monitor situation, making it crucial for practitioners to stay informed about the latest developments.
U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog
⚠️ Critical Alert
Why This Matters
CVE-2026-45247 is in active discussion involving CISA — exploitation status determines whether this is patch-now or monitor.
References
- SecurityAffairs. (2026, June 4). U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog. SecurityAffairs. https://securityaffairs.com/193156/security/u-s-cisa-adds-mirasvit-full-page-cache-warmer-flaw-to-its-known-exploited-vulnerabilities-catalog.html
Original Source
SecurityAffairs