CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

Staff Editor 2026-06-04
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

https://thehackernews.com/2026/06/cisa-adds-exploited-magento-rce-flaw.html

Publish Date: 2026-06-04 03:19:00

Source Domain: thehackernews.com

Ravie LakshmananJun 04, 2026Web Security / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.

The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted data that could be exploited to execute arbitrary PHP code on an affected server.

“Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie,” CISA said.

The shortcoming impacts all versions of the extension prior to version 1.11.12. Patches for the were released on May 25, 2026.

The addition of CVE-2026-45247 to the KEV catalog comes days after Sansec said the PHP object injection vulnerability could be exploited by means of any storefront request carrying a crafted CacheWarmer cookie, which then deserializes part of the cookie value with PHP’s native unserialize() function without requiring any authentication or admin privileges.

“Because that value comes straight from the client, an attacker controls the objects PHP reconstructs,” the Dutch security company said. “This is PHP object injection (CWE-502). Combined with a gadget chain from classes that Magento and its dependencies already ship, object injection escalates to remote code execution.”

Sansec said it identified about 6,000 stores running Mirasvit extensions, although the exact number is likely to be higher given that content delivery networks (CDNs) like Cloudflare mask installs.

Thales-owned Imperva has since disclosed it has observed active attack activity attempting to exploit CVE-2026-45247 through serialized PHP object payloads delivered via malicious HTTP…

Source

More Stories

Mountain Rides resolves cybersecurity threat | Transportation

Mountain Rides resolves cybersecurity threat | Transportation

Staff Editor 2026-06-05
NICC offers new computing and cybersecurity program for high school students | 97 Seven Country WGLR – The Tri-States Best Variety of Country

NICC offers new computing and cybersecurity program for high school students | 97 Seven Country WGLR – The Tri-States Best Variety of Country

Staff Editor 2026-06-05
Ashley Devoto Named Air Force CIO

Ashley Devoto Named Air Force CIO

Staff Editor 2026-06-05

Terms and Conditions - Privacy Policy