The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-45247 to its Known Exploited Vulnerabilities (KEV) catalog, following confirmed reports of active exploitation targeting Magento e-commerce environments running the Mirasvit Cache Warmer extension.
What Is CVE-2026-45247?
The flaw resides in Mirasvit Cache Warmer, a widely used full-page cache extension for Magento (Adobe Commerce). The vulnerability allows unauthenticated remote attackers to execute arbitrary code on vulnerable server instances, potentially leading to full store compromise, data theft, or deployment of web shells.
CISA's KEV listing indicates the agency has confirmed active exploitation in real-world attacks — not just proof-of-concept demonstrations. Federal agencies under CISA's jurisdiction are required to patch KEV-listed vulnerabilities within mandated deadlines.
Who Is Affected?
Any Magento or Adobe Commerce store running a vulnerable version of the Mirasvit Cache Warmer extension is at risk. Magento powers a significant portion of global e-commerce storefronts, making this vulnerability particularly impactful for retailers handling payment card data and personal customer information.
Site owners who have not applied available security patches should treat this as an emergency remediation priority given the confirmed exploitation activity.
Immediate Steps for Site Owners
- Identify vulnerable installs — Audit all Magento instances for Mirasvit Cache Warmer and determine the installed version.
- Apply the patch immediately — Check the Mirasvit vendor portal and Magento Marketplace for updated extension versions that address CVE-2026-45247.
- Review web server logs — Look for anomalous POST requests, unexpected admin account creation, or unfamiliar file uploads that may indicate prior compromise.
- Enable WAF rules — Web application firewall rules targeting this CVE can help block exploitation attempts while patching is underway.
- Rotate credentials — If compromise is suspected, rotate admin credentials, API keys, and payment gateway secrets immediately.
Broader Context: Magento Attacks in 2026
Magento continues to be a high-value target for cybercriminals due to the payment card data and personal information stored on e-commerce platforms. Skimming attacks (Magecart-style) and RCE exploits against Magento extensions have been a persistent threat vector throughout 2026.
CISA's KEV catalog addition serves as a clear signal that threat actors are actively leveraging CVE-2026-45247 in campaigns against live storefronts — merchants operating unpatched sites face serious financial and regulatory exposure.