CISA Adds Actively Exploited Magento RCE Flaw (CVE-2026-45247) to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution (RCE) vulnerability, CVE-2026-45247, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw impacts Mirasvit Cache Warmer, a popular Magento extension, and is being actively exploited in the wild through deserialization of untrusted data. Federal Civilian Executive Branch agencies are mandated to apply fixes by June 6, 2026.

Context

CVE-2026-45247 is a remote code execution vulnerability that affects the Mirasvit Cache Warmer extension for Magento. CISA's Known Exploited Vulnerabilities catalog lists vulnerabilities that are actively being exploited, emphasizing the need for immediate attention. The flaw allows attackers to execute arbitrary code by deserializing untrusted data, posing a serious risk to affected systems.

Why it matters

The addition of CVE-2026-45247 to CISA's catalog highlights the urgency of addressing critical cybersecurity vulnerabilities. Exploitation of this flaw could lead to significant disruptions for businesses using the affected Magento extension. Ensuring timely fixes is essential to protect sensitive data and maintain operational integrity.

Implications

Failure to address this vulnerability could lead to data breaches and financial losses for affected organizations. Federal agencies are required to implement fixes, setting a precedent for compliance in cybersecurity practices. Businesses relying on Magento extensions may face increased scrutiny and pressure to enhance their security measures.

What to watch

Organizations using the Mirasvit Cache Warmer should prioritize applying the necessary patches before the June 6, 2026 deadline. Monitoring for updates from CISA and software vendors will be crucial in mitigating risks. Stakeholders should also be aware of any emerging threats related to this vulnerability as it becomes more widely known.