Critical Mirasvit Vulnerability Exploited for Remote Code Execution on Magento Servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory for federal agencies to patch a critical vulnerability in the Mirasvit Full Page Cache Warmer for Magento 2 extension. This vulnerability, identified as CVE-2026-45247, has been actively exploited in the wild, allowing attackers to execute code remotely on Magento and Adobe Commerce servers. The flaw is a PHP object injection vulnerability that can be exploited without authentication, posing a significant risk to thousands of online stores using the affected extension. The vulnerability was publicly disclosed on May 26, and threat actors began exploiting it for remote code execution shortly thereafter. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, urging immediate action to mitigate potential security breaches.