Is CVE-2026-45247 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-45247 is not currently listed in the CISA KEV catalog.

Which frameworks does CVE-2026-45247 affect?

CVE-2026-45247 affects Magento.

Vulnerability intelligence

CVE-2026-45247

A PHP object injection vulnerability in Mirasvit Full Page Cache Warmer for Magento 2 allows unauthenticated RCE via a single crafted cookie. CVSS 9.3. Actively exploited. Federal patch deadline already passed. Every unpatched Magento store is overdue.

Magento 2026

What WebPulse reported · 2 analyses

One Cookie. Full Remote Code Execution. CVE-2026-45247 Hits Magento E-Commerce Sites and CISA Added It to the KEV Catalog.

A PHP object injection vulnerability in Mirasvit Full Page Cache Warmer for Magento 2 allows unauthenticated RCE via a single crafted cookie. CVSS 9.3. Actively

June 16, 2026

Magento Cache Plugin Gives Attackers Full Server Control via Cookie

CVE-2026-45247: Unauthenticated RCE in Mirasvit Full Page Cache Warmer. CISA KEV listed, actively exploited.

June 17, 2026

View CVE-2026-45247 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2025-54236 CVE-2024-34102 CVE-2022-24086 CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-11645