CISA Warns of Critical Magento RCE Flaw in Mirasvit Cache Warmer
A critical security flaw enabling remote code execution (RCE) has been discovered in a popular Magento extension. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog after observing active attacks in the wild.
A High-Risk Vulnerability
Tracked as CVE-2026-45247 and rated 9.8/10 on the CVSS scale, this flaw poses a severe risk. It affects Mirasvit Cache Warmer, an extension designed to cache full pages, widely used by e-commerce sites running Magento. The issue stems from insecure deserialization, which attackers can exploit to gain malicious access.
CISA is urging system administrators and businesses using this extension to act immediately. Exploiting this flaw could allow attackers to take control of web servers, steal sensitive data, or disrupt online services. The priority is to update affected systems quickly to prevent compromise.
This warning comes as cyberattacks targeting e-commerce platforms continue to rise, underscoring the need for proactive monitoring and regular patching.
Source: The Hacker News. Editorial synthesis assisted by AI — TechnoExpress.